Educause Security Discussion mailing list archives
Re: Freedom versus Security
From: Daniel Bennett <daniel.bennett () PCT EDU>
Date: Mon, 10 Dec 2012 20:23:53 +0000
We have taken a similar approach... http://www.pct.edu/its/Policy.htm From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jacobson, Dick Sent: Monday, December 10, 2012 2:42 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Freedom versus Security We took a little different spin saying "anything that uses our Higher Ed resources needs to follow our policies" whether we own the device or not. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shamblin, Quinn Sent: Monday, December 10, 2012 1:31 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Freedom versus Security This is something anyone that has put written policies in place has probably faced. The way we handeled it was to talk in terms of choices: "If you choose to use your own machine to conduct business, it is your responsibility to ensure that your machine meets these security requirements." We put talk about it in diplomatic terms, but to put it in blunt language, it boils down to this: It may be your machine, but it is our data and these are the requirements if you want access to it. Our policies are found here: http://www.bu.edu/infosec/policies/data-protection-standards/ But this one is where you really see that discussed: http://www.bu.edu/tech/policies/info-security/1-2-e-minimum-security-standards/ Look under the "Minimum Security Standards for Personally Owned or Personally Managed Devices" heading. Quinn R Shamblin ------------------------------------------------------------------------------------------------ Executive Director of Information Security, Boston University CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523 Contact me securely: https://securecontact.me/qrs () bu edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]<mailto:[mailto:SECURITY () LISTSERV EDUCAUSE EDU]> On Behalf Of Russ Leathe Sent: Monday, December 10, 2012 2:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Freedom versus Security Silly question, but... Have you had the discussion (with Staff and/or Faculty) about your policy's "controlling nature" regarding electronic security? Currently, we are actively implementing our WISP (Written Information Security Policy), according to State and Federal Guidelines. Unfortunately, we are getting some push back. One in particular, a personally owned laptop must adhere to the Colleges guidelines of authentication. If you have run into this scenario, how did you resolve it? Thanks, Russ
Current thread:
- Freedom versus Security Russ Leathe (Dec 10)
- Re: Freedom versus Security Shamblin, Quinn (Dec 10)
- Re: Freedom versus Security Jacobson, Dick (Dec 10)
- Re: Freedom versus Security Daniel Bennett (Dec 10)
- Re: Freedom versus Security Mertz, Brian E (Dec 10)
- Re: Freedom versus Security Jacobson, Dick (Dec 10)
- Re: Freedom versus Security Shamblin, Quinn (Dec 10)
- <Possible follow-ups>
- Re: Freedom versus Security SCHALIP, MICHAEL (Dec 10)
- Re: Freedom versus Security Russ Leathe (Dec 11)
- Re: Freedom versus Security Louis APONTE (Dec 11)
- Re: Freedom versus Security Russ Leathe (Dec 11)