Educause Security Discussion mailing list archives
Re: User's not following the rules
From: Bob Kalal <kalal.1 () OSU EDU>
Date: Wed, 17 Sep 2008 16:42:40 -0400
Likewise echo...our policy says that violations will be handled through university disciplinary processes appropriate to the violator's status - student, faculty, staff, and visitor would all follow different routes - student judicial or academic misconduct, human resources progressive discipline, faculty rules, or the cops.
Bob Kalal On Sep 17, 2008, at 4:14 PM, Theresa Semmens wrote:
I echo Gary’s comments. Our acceptable use procedure can be found here http://its.ndsu.edu/security/au/Theresa Semmens, CISA NDSU IT Security Officer PO Box 6050 North Dakota State University Fargo, ND 58108 Phone: 701-231-5870 FAX: 701-231-8541 Theresa.Semmens () ndsu edu"Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas EdisonFrom: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU ] On Behalf Of Gary DobbinsSent: Wednesday, September 17, 2008 3:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] User's not following the rulesFWIW, judgments in cases like the one you describe are handled (here) by the relevant University office (e.g. Student Affairs, HR, Provost) because they have ceased to be "information security" in nature, and instead are an employee performance issue or a code-of- conduct question. Ihe IT folks become suppliers to those offices of background data on the case. We are not expected to judge nor impose sanctions of our own choosing. I have found this to be a very proper arrangement.From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU ] On Behalf Of James Farr '05'Sent: Wednesday, September 17, 2008 3:40 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] User's not following the rulesWe are currently evaluating what to do when a user does not follow the Information Security Policies adopted by the institution.Currently our policies are handled on a case by case basis. There are no set forth policies that clearly state if you provide your password to another user x,y,z, will happen.Does anyone have a guideline they can share on what happens when a user does not follow the established rules.Do you test users on their understanding of the security policies?If so are penalties more sever if the user demonstrated knowledge in the area? Do sanction change based on the number of times they do not follow the policy?Thank you for your time James Farr Utica College Information Security Officer
Current thread:
- User's not following the rules James Farr '05' (Sep 17)
- <Possible follow-ups>
- Re: User's not following the rules Gary Dobbins (Sep 17)
- Re: User's not following the rules Theresa Semmens (Sep 17)
- Re: User's not following the rules James Farr '05' (Sep 17)
- Re: User's not following the rules Bob Kalal (Sep 17)
- Re: User's not following the rules Sachnoff, Neil (Sep 18)
- Re: User's not following the rules Mehmedovic, Jenny (Sep 18)
- Re: User's not following the rules Theresa Semmens (Sep 18)
- Re: User's not following the rules James Farr '05' (Sep 18)
- Re: User's not following the rules Paul Kendall (Sep 18)
- Re: User's not following the rules Bill Lantry (Sep 18)
- Re: User's not following the rules Basgen, Brian (Sep 18)