Educause Security Discussion mailing list archives
Regulatory Compliance / User Training / Identity Confirmation
From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Fri, 21 Nov 2008 14:41:56 -0500
Before everyone falls into the haze of post-Thanksgiving Day dinner, I'd like to throw some questions to the group : 1.) Has anyone had any experience, positive or negative, with bringing in external consultants to provide the user training recommended/mandated by the various regulations we are subject to (FTC "Red Flag"/HIPAA/FERPA/GLBA/PATRIOT/etc.)? If so, who did you use? If not, how did you tackle this in-house? 2.) Is anyone using a service (e.g., Acxiom FactCheck-X) to provide identity confirmation for distance learning students? Are you happy with the service? 3.) If I'm interpreting the proposed new FERPA regulations correctly, the days of formulaic initial passwords derived from an individual's D.O.B. and/or SSN are numbered (no pun intended). For institutions that have already been down this road, have you moved to random initial passwords? If so, how do you distribute them? We'd like to avoid paper mailings if at all possible and instead distribute them electronically with an identity confirmation system front-end similar to the one utilized at AnnualCreditReport.com. The problem is finding enough data on a new student that can be mined to populate the question/answer challenges. -- - Anthony Maszeroski, CCNA ----------------------------------- Information Security Manager The University of Scranton email : maszeroskia3 () scranton edu phone : 570-941-4226 -----------------------------------
Current thread:
- Regulatory Compliance / User Training / Identity Confirmation Anthony Maszeroski (Nov 21)
- <Possible follow-ups>
- Re: Regulatory Compliance / User Training / Identity Confirmation Gary Flynn (Nov 21)