Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: stopping students sharing their login credentials

From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 23 Jan 2009 13:22:23 -0500
randy marchany wrote:

One should never put in a policy/standard any item that can not be
enforced.


I've heard that opinion espoused several times and I don't
understand it.

How does that philosophy work with the honor code? With laws
against theft and murder? Copyright? For that matter, any
action that results in an abuse of privilege or accessible
resources that is only actionable after the action
occurs.

Policy specifies the rules. It shouldn't be necessary to be
able to prevent someone from breaking a policy before you
can have one. I think that is one of the major black holes
we've walked down with technology...expecting it to be able
to do everything for us.


On Thu, Jan 22, 2009 at 9:25 PM, Russell Fulton <r.fulton () auckland ac nz> wrote:

Background:



On the social/education side we could make an example of anyone we finger
for this (assuming we can make charges stick) in the hope that this will
persuade other students not to share their passwords.


Or make an example of the person performing unauthorized access to
your resources. Particularly if the login banner specifies they are
for use only by members of your organization.


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Previous By Date Next
Previous By Thread Next

Current thread: