Educause Security Discussion mailing list archives
Re: For IP; Re: good read: Please do not change your password
From: Don Cochran <dcochran () SCIPPINTERNATIONAL ORG>
Date: Sat, 17 Apr 2010 20:22:20 -0400
"most important from my point of view it gives us a yearly touch point
with users." And >> "When a user changes their password they will be advised about changes in IT/Security polices since their last change and other relevant security information. This password change becomes part of the general security consciousness raising process." Wouldn't this also be a good time to have them take their annual security awareness training? Certainly section 12 of the PCI-DSS mandates it, but most auditors feel it is best practices to meet HIPAA Privacy and HIPAA Security requirements as well as FERPA. Since virtually every institution needs to comply with at least these 3, and most probably FISMA and FERC/NERC as well as state requirements for annual security awareness training, you might as well address it once and be in compliance with all. Unquestionably, universities have it tougher than just about anyone when it comes to compliance and placating auditors. There are so many regulations, acts, laws, and other regulatory mandates that come in to play based on the information that is processed within the enterprise. Don Cochran Director, Business Development SCIPP International 1964 Gallows Road, Suite 320 Vienna, Virginia 22182 United States of America +1 703.637.4422 (Direct) +1 703.599-0666 (Cell) +1 703. 637-4371 (Fax) <http://www.SCIPPinternational.org> www.SCIPPinternational.org Ansi100x100.jpg SCIPP International "The Security Awareness Certification Company"
Current thread:
- For IP; Re: good read: Please do not change your password Gene Spafford (Apr 16)
- <Possible follow-ups>
- Re: For IP; Re: good read: Please do not change your password Stephen John Smoogen (Apr 16)
- Re: For IP; Re: good read: Please do not change your password Russell Fulton (Apr 17)
- Re: For IP; Re: good read: Please do not change your password Don Cochran (Apr 17)
- Re: For IP; Re: good read: Please do not change your password Gene Spafford (Apr 21)
- Re: For IP; Re: good read: Please do not change your password Vik Solem (Apr 23)