Educause Security Discussion mailing list archives

Re: User's not following the rules

From: Theresa Semmens <theresa.semmens () NDSU EDU>
Date: Thu, 18 Sep 2008 08:53:16 -0500

We have in place an acceptable use review committee that deals with such
issues.  The procedure and policy list the penalties, the committee provides
recommendations, and ultimately, it is left up to the college or department
to levy the penalty.



Theresa Semmens, CISA
NDSU IT Security Officer
PO Box 6050
North Dakota State University
Fargo, ND 58108
Phone: 701-231-5870
FAX: 701-231-8541
Theresa.Semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and
looks like work."  Thomas Edison



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sachnoff, Neil
Sent: Thursday, September 18, 2008 5:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] User's not following the rules



Last time we tried to push this concept the institution was unwilling to
place in policy what the penalties would be. We have many unions on campus.



/Neil

Neil S. Sachnoff, Executive Director, Information Technology
Middlesex County College
2600 Woodbridge Avenue, JLC Rm. 209
Edison, NJ 08818-3050

 PThink before you print



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr '05'
Sent: Wednesday, September 17, 2008 3:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] User's not following the rules



We are currently evaluating what to do when a user does not follow the
Information Security Policies adopted by the institution.


Currently our policies are handled on a case by case basis.  There are no
set forth policies that clearly state if you provide your password to
another user x,y,z, will happen.



Does anyone have a guideline they can share on what happens when a user does
not follow the established rules.

Do you test users on their understanding of the security policies?

If so are penalties more sever if the user demonstrated knowledge in the
area?

Do sanction change based on the number of times they do not follow the
policy?



Thank you for your time

James Farr

Utica College

Information Security Officer

Current thread:

User's not following the rules James Farr '05' (Sep 17)
- <Possible follow-ups>
- Re: User's not following the rules Gary Dobbins (Sep 17)
- Re: User's not following the rules Theresa Semmens (Sep 17)
- Re: User's not following the rules James Farr '05' (Sep 17)
- Re: User's not following the rules Bob Kalal (Sep 17)
- Re: User's not following the rules Sachnoff, Neil (Sep 18)
- Re: User's not following the rules Mehmedovic, Jenny (Sep 18)
- Re: User's not following the rules Theresa Semmens (Sep 18)
- Re: User's not following the rules James Farr '05' (Sep 18)
- Re: User's not following the rules Paul Kendall (Sep 18)
- Re: User's not following the rules Bill Lantry (Sep 18)
- Re: User's not following the rules Basgen, Brian (Sep 18)