Re: Lockout Settings

["Doty, Timothy T." <tdoty () MST EDU>]

I would just like to point out that "Windows Key-L" is faster and more
reliable than the ctrl-alt-del method.

I've had windows be sluggish about pulling up the dialog, and iffy for
catching the return key stroke -- all of which is significant if the
employee is in a hurry to leave.

Tim Doty

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Radford, Jennifer
> Sent: Friday, August 27, 2010 3:37 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Lockout Settings
>
> Hi Todd,
>
> From an internal audit perspective, screen lockouts should be risk
> based. Obviously they are more important depending on the type of data
> that is involved and that could potential by viewed / altered by
> unauthorised parties. Sounds like you are dealing with sensitive data
> but if any of this is regulated data, e.g personally identifiable data,
> then this may raise the risk even higher.
>
> Also, consideration should be given to what type of environment is in
> place, e.g. open plan versus closed locked offices.
>
> Lastly, users should be educated on the security risks of leaving open
> screens unattended and policy should drive behaviour to get employees
> to 'cntl alt delete' before they leave their desk.
>
> Once the above has been considered, management can make an informed
> decision about whether to set at 10, 15, 20 etc minutes before screen
> lock out.
>
> Cheers,
>
> Jen
>
>
>
> Jennifer Radford, Senior IT Audit Manager
> Internal Audit, UBC
> 6000 Iona Drive, Vancouver, BC Canada V6T 1L4
> Phone:  604-822-6512
> Fax:  604-822-9027
> E-mail:  Jradford () intaudit ubc ca
> Web:  www.intaudit.ubc.ca
> The information contained in this e-mail message is strictly
> confidential and intended solely for the use of the designated
> addressee(s). Any unauthorized viewing, disclosure, copying or
> distribution of this e-mail is prohibited and may be unlawful. If you
> have received this e-mail in error, please do not read it, reply to the
> sender immediately to inform us that you are not the intended
> recipient, and delete the e-mail from your computer system. Thank you.
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Plesco, Todd
> Sent: Friday, August 27, 2010 1:22 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Lockout Settings
>
> I'd like to get everyone's feedback on their current enterprise
> settings for screen lockout.  This discussion has re emerged for us as
> we roll out Sharepoint with Windows Authentication (rather than through
> an ISA server) which will provide portals (without a second
> login/password requirement) into some applications which maintain
> sensitive data.  Is everyone using a 15 minute screen lockout?  Do you
> have Sharepoint? Browser timeout?
>
> Todd A. Plesco  CISM, CBCP
> Chapman University, Director of Information Security
> One University Drive, Orange, CA 92866
> Phone: (714) 744-7979/Fax: (714) 744-7041
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barros, Jacob
> Sent: Thursday, June 11, 2009 12:00 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Timeout/Lockout Settings
>
> 15 minutes for us as well.  There are a few exceptions like an OU for
> admissions counselors.  Lock it when you leave it is ideal.
>
> Jacob Barros
> Network Administrator
> Grace College
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Richard
> Sent: Wednesday, June 10, 2009 10:35 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Timeout/Lockout Settings
>
> I am curious to know how other peer institutions are setting up their
> timeout/lockout settings.
>
> How are you enforcing the timeouts (pointsec, windows settings,
> screensaver,etc)?
>
> How long must the PC be inactive for the timeout setting to take
> effect?
> Do
> the time limits vary based on user?
>
> Thanks all!
>
> Adam Richard '05
> IT Security Analyst/Operations Specialist
>
> Messiah College
> Hoffman 211
> (717) 796-1800 x.6570
>
> One College Ave.
> Information Technology Services
> Box 3055
> Grantham, PA 17027
>
> "ITS will never ask you for your password"

Attachment: smime.p7s
Description: