Educause Security Discussion mailing list archives

Re: Login Request


From: Frank Barton <bartonf () HUSSON EDU>
Date: Mon, 24 Sep 2018 09:26:28 -0400

Chris, we haven't run into this here, but here are my thoughts on the
matter:

1) You are absolutely correct - data should be saved to profile only, so
even if someone else did sign in, assuming they didn't have administrative
access, they couldn't access the data.
2) Full disk encryption - right on, BitLocker or whatever, usually has a
PIN/passcode to prevent the computer from even being booted by unauthorized
folks.
3) "No" - if it is a university laptop, "you" (being a representative of
the IT Department) need to maintain access to the laptop
4) Depending on the nature of the data, other controls may be in order
(host-based firewall, encrypted folders, etc.)
4.a) If the data is *that* sensitive it probably shouldn't be stored on a
laptop that can leave controlled environments
5) Audit trail - set up access logging so that you can prove who has
accessed the sensitive data
6) How is this data being backed up?
7) How secure are the user's credentials? MFA?

We have identified certain information on campus, and make sure that it is
stored on specific file-shares, for which we have access logging enabled
specifically so that we have the audit trail of "who has seen this".

Frank

On Mon, Sep 24, 2018 at 9:16 AM Davis, Chris <CDavis () lourdes edu> wrote:

We received a request from a user who is concerned about security of his
laptop.  He wants us to make it so no one else can log into the computer.
He is concerned about the security of sensitive data on the computer.  He
is worried that someone else could log into the computer and see his data.


I am not the type to make special accommodations for users, especially
when there are easy solutions to achieve the same results.  Our suggestion
is to train him to save data in his profile only and then provide full disk
encryption.

Has anyone else run into a situation like this, and how did you resolve it?

Chris



*Christopher Davis, Ph.D.*
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu




-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
