Educause Security Discussion mailing list archives

Re: Lockout Settings


From: "Sarazen, Daniel" <dsarazen () UMASSP EDU>
Date: Fri, 27 Aug 2010 16:53:15 -0400

We use 15 as the default, but some areas are set to as little as 5 (health center, bursar, etc.)

And controlled at the domain level so the user cannot disable it.

Good luck



-----Original Message-----
From: Radford, Jennifer [jradford () INTAUDIT UBC CA]
Received: 8/27/10 4:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU [SECURITY () LISTSERV EDUCAUSE EDU]
Subject: Re: [SECURITY] Lockout Settings

Hi Todd,

From an internal audit perspective, screen lockouts should be risk based. Obviously they are more important depending 
on the type of data that is involved and that could potentially be viewed / altered by unauthorised parties. Sounds like 
you are dealing with sensitive data but if any of this is regulated data, e.g. personally identifiable data, then this 
may raise the risk even higher.

Also, consideration should be given to what type of environment is in place, e.g. open plan versus closed locked 
offices.

Lastly, users should be educated on the security risks of leaving open screens unattended and policy should drive 
behaviour to get employees to 'cntl alt delete' before they leave their desk.

Once the above has been considered, management can make an informed decision about whether to set at 10, 15, 20 etc 
minutes before screen lock out.

Cheers,

Jen



Jennifer Radford, Senior IT Audit Manager
Internal Audit, UBC
6000 Iona Drive, Vancouver, BC Canada V6T 1L4
Phone:  604-822-6512
Fax:  604-822-9027
E-mail:  Jradford () intaudit ubc ca
Web:  www.intaudit.ubc.ca

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Plesco, 
Todd
Sent: Friday, August 27, 2010 1:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Lockout Settings

I'd like to get everyone's feedback on their current enterprise settings for screen lockout.  This discussion has 
re-emerged for us as we roll out Sharepoint with Windows Authentication (rather than through an ISA server) which will 
provide portals (without a second login/password requirement) into some applications which maintain sensitive data.  Is 
everyone using a 15 minute screen lockout?  Do you have Sharepoint? Browser timeout?

Todd A. Plesco  CISM, CBCP
Chapman University, Director of Information Security
One University Drive, Orange, CA 92866
Phone: (714) 744-7979/Fax: (714) 744-7041


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barros, 
Jacob
Sent: Thursday, June 11, 2009 12:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Timeout/Lockout Settings

15 minutes for us as well.  There are a few exceptions like an OU for
admissions counselors.  Lock it when you leave it is ideal.

Jacob Barros
Network Administrator
Grace College


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Richard
Sent: Wednesday, June 10, 2009 10:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Timeout/Lockout Settings

I am curious to know how other peer institutions are setting up their
timeout/lockout settings.

How are you enforcing the timeouts (pointsec, windows settings,
screensaver, etc.)?

How long must the PC be inactive for the timeout setting to take effect?
Do the time limits vary based on user?

Thanks all!

Adam Richard '05
IT Security Analyst/Operations Specialist

Messiah College
Hoffman 211
(717) 796-1800 x.6570

One College Ave.
Information Technology Services
Box 3055
Grantham, PA 17027

"ITS will never ask you for your password"
