Educause Security Discussion mailing list archives
Re: Login Request
From: Frank Barton <bartonf () HUSSON EDU>
Date: Mon, 24 Sep 2018 09:26:28 -0400
Chris, we haven't run into this here, but here are my thoughts on the matter:

1) You are absolutely correct - data should be saved to profile only, so even if someone else did sign in, assuming they didn't have administrative access, they couldn't access the data.
2) Full disk encryption - right on, BitLocker or whatever, usually has a PIN/passcode to prevent the computer from even being booted by unauthorized folks
3) "No" - if it is a university laptop, "you" (being a representative of the IT Department) need to maintain access to the laptop
4) depending on the nature of the data, other controls may be in order (host-based firewall, encrypted folders, etc.)
4.a) If the data is *that* sensitive it probably shouldn't be stored on a laptop that can leave controlled environments
5) Audit trail - set up access logging so that you can prove who has accessed the sensitive data
6) how is this data being backed up?
7) how secure are the user's credentials? MFA?

We have identified certain information on campus, and make sure that it is stored on specific file-shares, for which we have access logging enabled specifically so that we have the audit trail of "who has seen this"

Frank

On Mon, Sep 24, 2018 at 9:16 AM Davis, Chris <CDavis () lourdes edu> wrote:
We received a request from a user who is concerned about security of his laptop. He wants us to make it so no one else can log into the computer. He is concerned about the security of sensitive data on the computer. He is worried that someone else could log into the computer and see his data.

I am not the type to make special accommodations for users, especially when there are easy solutions to achieve the same results. Our suggestion is to train him to save data in his profile only and then provide full disk encryption.

Has anyone else run into a situation like this, and how did you resolve it?

Chris

*Christopher Davis, Ph.D.*
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu

--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University