Educause Security Discussion mailing list archives

Re: 2-Factor and Board of Trustees/ Council of Regents


From: "Bandy, John" <jbandy () SAMFORD EDU>
Date: Mon, 3 Feb 2020 13:40:34 +0000

We are requiring it for everyone (staff/faculty/students and even external vendor support accounts). One way to 
address this is to give a CyberSecurity update to the Board/Council and stress how important 2fa is for the 
organization (for digital ID protection) and explain how you are "leaving the back door open" by allowing their 
accounts to be exempted.

Also, challenge them to set the bar (example) for the rest of the organization.

I have received a lot of mileage by taking this approach.

If you dig into the technical details of most of the cyber attacks, they involve digital ID theft/impersonation to use 
VPN, RDP or system logins to perform their work.  Also, don't "cave" in and whitelist your on-campus IP addresses. This 
is another "leaving the back door open" situation.

I am more than happy to discuss further off list if you are interested.

John Bandy
Chief Information Security Officer
Technology Services

205-726-2692 | office
205-726-2692 | fax
JBandy () Samford Edu
Twitter: http://twitter.com/SamfordInfoSec
800 Lakeshore Drive
Birmingham, AL 35229




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Friday, January 31, 2020 7:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL][SECURITY] 2-Factor and Board of Trustees/ Council of Regents

Greetings,

Looking to find out what your institution's policy is regarding 2-factor authentication for your Board of Trustees or 
Council of Regents.  We are leaning towards exempting them, or at least some of them, based on their level of technical 
expertise.  We have a wide age range in these groups and given their position, we don't necessarily want to 
inconvenience them.

Thanks in advance.

James Pardonek, MS, CISSP, CEH, GSNA
Associate Director
Chief Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

*: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the latest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community
