Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: User's not following the rules

From: "Sachnoff, Neil" <NSachnoff () MIDDLESEXCC EDU>
Date: Thu, 18 Sep 2008 06:52:16 -0400
Last time we tried to push this concept the institution was unwilling to
place in policy what the penalties would be. We have many unions on
campus.

 

/Neil  

Neil S. Sachnoff, Executive Director, Information Technology
Middlesex County College 
2600 Woodbridge Avenue, JLC Rm. 209 
Edison, NJ 08818-3050 

 PThink before you print

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr '05'
Sent: Wednesday, September 17, 2008 3:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] User's not following the rules

 

We are currently evaluating what to do when a user does not follow the
Information Security Policies adopted by the institution.


Currently our policies are handled on a case by case basis.  There are
no set forth policies that clearly state if you provide your password to
another user x,y,z, will happen.

 

Does anyone have a guideline they can share on what happens when a user
does not follow the established rules.

Do you test users on their understanding of the security policies?

If so are penalties more sever if the user demonstrated knowledge in the
area?

Do sanction change based on the number of times they do not follow the
policy?

 

Thank you for your time

James Farr

Utica College

Information Security Officer
Previous By Date Next
Previous By Thread Next

Current thread: