Re: Lockout Settings

["McCrary, Barbara" <bmccrary () OGSLP ORG>]

AGREED 


Barbara McCrary 
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+

bmccrary () ogslp org

Oklahoma State Regents for Higher Education
421 NW 13th, Ste 250 
Oklahoma City, OK  73103 
405 234.4316 office 
405 234.4321 cell 
405 234.4588 fax

Note:  This communication and attachments, if any, are intended solely for the use of the addressee hereof.  In 
addition, this information and attachments, if any, may contain information that is confidential, privileged and exempt 
from disclosure under applicable law, including, but not limited to, the Privacy Act of 1974.  If you are not the 
intended recipient of this information, you are prohibited from reading, disclosing, reproducing, distributing, 
disseminating, or otherwise using this information.  If you have received this message in error, please promptly notify 
the sender and immediately, delete this communication from your system.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Doty, 
Timothy T.
Sent: Friday, August 27, 2010 3:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Lockout Settings

I would just like to point out that "Windows Key-L" is faster and more reliable than the ctrl-alt-del method.

I've had windows be sluggish about pulling up the dialog, and iffy for catching the return key stroke -- all of which 
is significant if the employee is in a hurry to leave.

Tim Doty

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Radford, Jennifer
> Sent: Friday, August 27, 2010 3:37 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Lockout Settings
>
> Hi Todd,
>
> From an internal audit perspective, screen lockouts should be risk 
> based. Obviously they are more important depending on the type of data 
> that is involved and that could potential by viewed / altered by 
> unauthorised parties. Sounds like you are dealing with sensitive data 
> but if any of this is regulated data, e.g personally identifiable 
> data, then this may raise the risk even higher.
>
> Also, consideration should be given to what type of environment is in 
> place, e.g. open plan versus closed locked offices.
>
> Lastly, users should be educated on the security risks of leaving open 
> screens unattended and policy should drive behaviour to get employees 
> to 'cntl alt delete' before they leave their desk.
>
> Once the above has been considered, management can make an informed 
> decision about whether to set at 10, 15, 20 etc minutes before screen 
> lock out.
>
> Cheers,
>
> Jen
>
>
>
> Jennifer Radford, Senior IT Audit Manager Internal Audit, UBC 6000 
> Iona Drive, Vancouver, BC Canada V6T 1L4
> Phone:  604-822-6512
> Fax:  604-822-9027
> E-mail:  Jradford () intaudit ubc ca
> Web:  www.intaudit.ubc.ca
> The information contained in this e-mail message is strictly 
> confidential and intended solely for the use of the designated 
> addressee(s). Any unauthorized viewing, disclosure, copying or 
> distribution of this e-mail is prohibited and may be unlawful. If you 
> have received this e-mail in error, please do not read it, reply to 
> the sender immediately to inform us that you are not the intended 
> recipient, and delete the e-mail from your computer system. Thank you.
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Plesco, Todd
> Sent: Friday, August 27, 2010 1:22 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Lockout Settings
>
> I'd like to get everyone's feedback on their current enterprise 
> settings for screen lockout.  This discussion has re emerged for us as 
> we roll out Sharepoint with Windows Authentication (rather than 
> through an ISA server) which will provide portals (without a second 
> login/password requirement) into some applications which maintain 
> sensitive data.  Is everyone using a 15 minute screen lockout?  Do you 
> have Sharepoint? Browser timeout?
>
> Todd A. Plesco  CISM, CBCP
> Chapman University, Director of Information Security One University 
> Drive, Orange, CA 92866
> Phone: (714) 744-7979/Fax: (714) 744-7041
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barros, Jacob
> Sent: Thursday, June 11, 2009 12:00 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Timeout/Lockout Settings
>
> 15 minutes for us as well.  There are a few exceptions like an OU for 
> admissions counselors.  Lock it when you leave it is ideal.
>
> Jacob Barros
> Network Administrator
> Grace College
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Richard
> Sent: Wednesday, June 10, 2009 10:35 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Timeout/Lockout Settings
>
> I am curious to know how other peer institutions are setting up their 
> timeout/lockout settings.
>
> How are you enforcing the timeouts (pointsec, windows settings, 
> screensaver,etc)?
>
> How long must the PC be inactive for the timeout setting to take 
> effect?
> Do
> the time limits vary based on user?
>
> Thanks all!
>
> Adam Richard '05
> IT Security Analyst/Operations Specialist
>
> Messiah College
> Hoffman 211
> (717) 796-1800 x.6570
>
> One College Ave.
> Information Technology Services
> Box 3055
> Grantham, PA 17027
>
> "ITS will never ask you for your password"