Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] Student employees and access to data
From: James Valente <jvalente () SALEMSTATE EDU>
Date: Fri, 10 May 2019 14:24:54 +0000
We use a similar strategy as Sherry describes for most of our student workers. -Students in Sensitive areas get security awareness training (diverges from non-student employees, all of which get this training when onboarded) -Students who handle PCI data get annual PCI training as required by PCI-DSS -They get a separate email account for work stuff (this is important to quickly revoke access without interfering with their academics.) Unfortunately, our reslife student employees don't follow this and I haven't had any luck in having any enforcement on this. They aren't hired through HR so it's an edge case. We've been fortunate that our FTEs in sensitive areas that also manage student workers have been great allies to our security program. There's some gaps in reaching student workers in various academic departments, the library, and so forth but the nature of their work also presents a lot less institutional risk. Thanks, James Valente Associate Director of Information Security Salem State University 978.542.2739 GPG Fingerprint: B086 58B5 DE53 328A 210D 5F3D BF20 1E0A 813A EDD1 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pesino, Sherry Sent: Friday, 10 May, 2019 10:18 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL] Re: [SECURITY] Student employees and access to data CAUTION: This email originated from outside of Salem State University. Do not click links or open attachments unless you recognize the sender and know the content is safe. We treat our student employees like traditional employees. They have access to what they need to complete the work they are hired to do. They also must complete the same awareness training and follow the same policies as full time employees and use an official email account for any work related email. Sherry ____________ Sherry Pesino, CISSP Information Security Program Office Connecticut State Colleges and Universities 61 Woodland Street Hartford, CT 06105 860-723-0021 pesinos () ct edu <mailto:pesinos () ct edu> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > On Behalf Of Pete, Andrew Sent: Friday, May 10, 2019 10:12 AM To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Student employees and access to data We have a number of departments that have work study students. I'm curious what other institutions are doing around access to data that may be sensitive whether in hard copy or digital format. What do you allow, what don't you allow? Why types of policies/procedures do you have in place?
Attachment:
smime.p7s
Description:
Current thread:
- Student employees and access to data Pete, Andrew (May 10)
- Re: Student employees and access to data Pesino, Sherry (May 10)
- Re: [EXTERNAL] Re: [SECURITY] Student employees and access to data James Valente (May 10)
- Re: [EXTERNAL] Re: [SECURITY] Student employees and access to data Mike Beane (May 10)
- Re: Student employees and access to data King, Ronald A. (May 10)
- Re: [External] Re: [SECURITY] Student employees and access to data Gregg, Christopher S. (May 10)
- Re: Student employees and access to data Linc Nesheim (May 10)
- Re: [EXTERNAL] Re: [SECURITY] Student employees and access to data James Valente (May 10)
- Re: Student employees and access to data Pesino, Sherry (May 10)