Educause Security Discussion mailing list archives
Re: Manual locking workstations
From: "Sarazen, Daniel" <dsarazen () UMASSP EDU>
Date: Thu, 21 Apr 2011 07:38:23 -0400
Hi All, If the control isn't managed at the Domain level (So the users can't set it to 600 minutes or turn it off completely) I write up the observation. There is no substitute manual process, that I've seen, that I'll accept. Failure to have the control in place makes nonrepudiation very difficult, at best. My two cents... Thanks [cid:image002.gif@01CBFFF7.17FDB8E0] :: Daniel Sarazen, CISSP, CISA :: Senior Information Technology Auditor :: University Internal Audit :: University of Massachusetts President's Office :: 774-455-7558 :: 781-724-3377 Cell :: 774-455-7550 Fax :: Dsarazen () umassp edu<mailto:Dsarazen () umassp edu> University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu<http://www.massachusetts.edu/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin (mclaugkl) Sent: Wednesday, April 20, 2011 3:20 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Manual locking workstations Hi Andrea: We were able to get a locking policy in place for our central IT group and we actually walk around and enforce it periodically. We have not been able to get such a policy to be implemented University wide. A draft copy of our policy is attached. - Kevin Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified Assistant Vice President, Information Security & Special Projects University of Cincinnati 513-556-9177 The University of Cincinnati is one of America's top public research institutions and the region's largest employer, with a student population of more than 41,000. [cid:image003.gif@01CBFFF7.17FDB8E0] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of ANDREA Grover Sent: Wednesday, April 20, 2011 3:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Manual locking workstations I am working our Secure Computing Standard and am stuck in discussions about manually locking workstations. We already require that workstations are set to automatically lock after a specified time, but are also wondering about making the manual locking of workstations a requirement or a recommendation. What policies and/or practices are in place for other universities and groups? Is it a requirement or a recommendation that they lock their workstations when they leave it? If I can get any feedback on this I would appreciate it very much. Andrea Grover Weber State University - Network Security
Current thread:
- Manual locking workstations ANDREA Grover (Apr 20)
- Re: Manual locking workstations Mclaughlin, Kevin (mclaugkl) (Apr 20)
- Re: Manual locking workstations Sarazen, Daniel (Apr 21)
- Re: Manual locking workstations Hart, Lee Anne (Apr 20)
- Re: Manual locking workstations Bob Bayn (Apr 20)
- Re: Manual locking workstations Mclaughlin, Kevin (mclaugkl) (Apr 20)