Foreign Nationals

[Dean Halter <dean.halter () NOTES UDAYTON EDU>]

Nation-state cyber activity has come up and we are being asked to
examine our IT security posture with respect to our foreign national
population.  In general we employ a typical layered approach with
assigned user accounts, network admission control, firewall, employee
background checks, process/confidentiality agreements surrounding
access to administrative and finance systems, etc.  Outside of areas
w/ specific export control or contractual requirements, I’m wondering
if others have considered/implemented additional controls or practices
specific to this constituent group supplementing their general network
security or to further restrict/monitor access to sensitive
administrative services or data resources.

Thanks in advance,
Dean
___________
Dean Halter, CISA, CISSP
IT Risk Management Officer, UDit
University of Dayton

"Security is a process, not a product."  Bruce Schneier