Educause Security Discussion mailing list archives
[SECURITY]
From: "Eric C. Lukens" <eric.lukens () UNI EDU>
Date: Tue, 20 Aug 2013 08:36:44 -0500
Along the same lines, I was wondering why the AUP got special recognition above many of the other policies. Shouldn't people have to acknowledge all the policies or at least all that are applicable to them? Such as the discrimination, harassment, procurements, conflict of interest, fire safety, injury reporting, public records, intellectual property, and so forth. Aren't those just as important? I know certain people in certain job duties must do annual training and acknowledgement per various regulations (PCI DSS, HIPAA, Mandatory Reporting of Child Abuse, etc). But for the typical campus student/employee/faculty, is there something special about the AUP? Are abuses of the AUP so rife and common that it requires more education and enforcement than the other policies, which are also likely just as ignored or abused? Should they rather be acknowledging the existence of your entire policy library and given a link to it? I'm not saying I have the answers to those questions, but I could see requiring acknowledgment of some policies but not others leading to other unintended consequences. -Eric Berman, Mark wrote:
When I worked in the Massachusetts State University System we were told by our attorneys that publishing the policy is enough to make people responsible and that requiring folks to sign off on it just gives them a potential legal excuse if they *don't* sign. FWIW. - Mark -- Mark Berman, Chief Information Officer Siena College 515 Loudon Road Loudonville, NY 12211 (518)782-6957, Fax: (518)783-2590 /*Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution. */ /CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message./ Content-Type: text/html We require an annual password change, and the process requires the acceptance of our usage policy. *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:[log in to unmask] <http://listserv.educause.edu/cgi-bin/wa.exe?LOGON=A3%3Dind1308%26L%3DSECURITY%26E%3Dquoted-printable%26P%3D134667%26B%3D--_000_2C17E27E26DEE641AEECF7583B3CAB1A2581D978evcspmbx1adsnor_%26T%3Dtext%252Fhtml%3B%2520charset%3Dus-ascii>.EDU] *On Behalf Of *Michael J. Kenney *Sent:* Monday, August 19, 2013 10:53 AM *To:* [log in to unmask] <http://listserv.educause.edu/cgi-bin/wa.exe?LOGON=A3%3Dind1308%26L%3DSECURITY%26E%3Dquoted-printable%26P%3D134667%26B%3D--_000_2C17E27E26DEE641AEECF7583B3CAB1A2581D978evcspmbx1adsnor_%26T%3Dtext%252Fhtml%3B%2520charset%3Dus-ascii> *Subject:* [SECURITY] annual AUP acknowledgement required? Just curious if anyone knew if it’s required from an audit perspective to have faculty, staff and student acknowledge an Acceptable Use Policy on an annual basis? We have each user accept this policy before their account is enabled and wanted to know if this is enough to check the box. Also, if you require an annual acknowledgement, what technology method are using to have user digitally accept the policy? Thank you, Michael
-- Eric C. Lukens IT Security Policy and Risk Assessment Analyst ITS-Network Services Curris Business Building 15 University of Northern Iowa Cedar Falls, IA 50614-0121 (319) 273-7434 http://www.uni.edu/elukens/ If you see an attachment called smime.p7s, you may disregard it. It is an S/MIME digital signature file to validate the authenticity of this email message.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- [SECURITY] Berman, Mark (Aug 20)
- [SECURITY] Eric C. Lukens (Aug 20)