Educause Security Discussion mailing list archives
Re: 2-Factor and Board of Trustees/ Council of Regents
From: "Bandy, John" <jbandy () SAMFORD EDU>
Date: Mon, 3 Feb 2020 13:40:34 +0000
We are requiring it for everyone (staff/faculty/students and event external vendor support accounts). One way to address this is to give a CyberSecurity update to the Board/Council and stress on how important 2fa is for the organization (for digital ID protection) and explain how you are "leaving the back door open" by allowing their accounts to be exempted. Also, challenge them to set the bar (example) for the rest of the organization. I have received a lot of mileage by taking this approach. If you dig into the technical details of most of the cyber attacks, they involve digital ID theft/impersonation to use VPN,RDP or system logins to perform their work. Also, don't "cave" in and whitelist your on campus IP Addresses. This is another "leaving the back door open" situation. I am more than happy to discuss further off list if you are interested John Bandy Chief Information Security Officer Technology Services 205-726-2692<tel:+1205-726-2692> | office 205-726-2692 | fax JBandy () Samford Edu<mailto:JBandy () Samford Edu> Twitter<http://twitter.com/SamfordInfoSec> 800 Lakeshore Drive Birmingham, AL 35229<https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US> [mford Samford University Logo] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim Sent: Friday, January 31, 2020 7:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL][SECURITY] 2-Factor and Board of Trustees/ Council of Regents Greetings, Looking to find out what your institution's policy is regarding 2-factor authentication your Board of Trustees or Council of Regents. We are leaning towards exempting them, or at least some of them, based on their level of technical expertise. We have a wide age range in these groups and given their position, we don't necessarily want to inconvenience them. Thanks in advance. James Pardonek, MS, CISSP, CEH, GSNA Associate Director Chief Information Security Officer Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 *: (773) 508-6086 Loyola University Chicago will never ask you for your username or password. For the latest information security news at Loyola, please follow us online, Twitter: @LUCUISO Facebook: https://www.facebook.com/lucuiso/ Our Blog http://blogs.luc.edu/uiso/ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://secure-web.cisco.com/16bAeuItxirTBMR0Rqc44dUNd-zcr9tyOgRR_9mHw77MIu8UxzOD62HqL9tbqEcAHfRZuSsp63Z9K9Uvhi8UgltEL2lBhJ0l0GyNUKtq3YDOpxlTT6qZXQ_d8fjhCKh0FvSH2Nm2pjpYfo4Z7wtSaDEfJYQUH8wcncaHZrpsxckFfz3uTrxu08BeLA6q4AKWIXwqDJEjj82ZbDotuevMHraRVl1WOpw3gQ1JYaJCztCBKZvP8w8-SxjOzuUmf8rxQXPhnZQ80htUBi1NCGHX0YlUtTGXKLIGvm9dh3_EIPzbdq6tDiXXsS3YUdvVom9D6PtOwCdjdsfLpkff_hYW3vQ/https%3A%2F%2Fwww.educause.edu%2Fcommunity> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- 2-Factor and Board of Trustees/ Council of Regents Pardonek, Jim (Jan 31)
- Re: 2-Factor and Board of Trustees/ Council of Regents Jerry Tylutki (Jan 31)
- Re: 2-Factor and Board of Trustees/ Council of Regents Bandy, John (Feb 03)
- <Possible follow-ups>
- Re: 2-Factor and Board of Trustees/ Council of Regents Hudson, Edward (Feb 11)