[SECURITY]

["Eric C. Lukens" <eric.lukens () UNI EDU>]

Along the same lines, I was wondering why the AUP got special
recognition above many of the other policies. Shouldn't people have to
acknowledge all the policies or at least all that are applicable to
them? Such as the discrimination, harassment, procurements, conflict of
interest, fire safety, injury reporting, public records, intellectual
property, and so forth. Aren't those just as important?

I know certain people in certain job duties must do annual training and
acknowledgement per various regulations (PCI DSS, HIPAA, Mandatory
Reporting of Child Abuse, etc). But for the typical campus
student/employee/faculty, is there something special about the AUP? Are
abuses of the AUP so rife and common that it requires more education and
enforcement than the other policies, which are also likely just as
ignored or abused? Should they rather be acknowledging the existence of
your entire policy library and given a link to it?

I'm not saying I have the answers to those questions, but I could see
requiring acknowledgment of some policies but not others leading to
other unintended consequences.

-Eric

Berman, Mark wrote:
> When I worked in the Massachusetts State University System we were told
> by our attorneys that publishing the policy is enough to make people
> responsible and that requiring folks to sign off on it just gives them a
> potential legal excuse if they *don't* sign. 
>
> FWIW.
>
>  - Mark
> --
> Mark Berman, Chief Information Officer
> Siena College
> 515 Loudon Road
> Loudonville, NY  12211
> (518)782-6957,  Fax: (518)783-2590
> /*Siena College is a learning community advancing the ideals of a
> liberal arts education, rooted in its identity as a Franciscan and
> Catholic institution.
> */
> /CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for
> the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you received this e-mail and are not the
> intended recipient, please inform the sender by e-mail reply and destroy
> all copies of the original message./
>
>
> Content-Type: text/html
>
> We require an annual password change, and the process requires the
> acceptance of our usage policy. 
>
>  
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:[log in
> to unmask]
> <http://listserv.educause.edu/cgi-bin/wa.exe?LOGON=A3%3Dind1308%26L%3DSECURITY%26E%3Dquoted-printable%26P%3D134667%26B%3D--_000_2C17E27E26DEE641AEECF7583B3CAB1A2581D978evcspmbx1adsnor_%26T%3Dtext%252Fhtml%3B%2520charset%3Dus-ascii>.EDU]
>  *On
> Behalf Of *Michael J. Kenney
> *Sent:* Monday, August 19, 2013 10:53 AM
> *To:* [log in to unmask]
> <http://listserv.educause.edu/cgi-bin/wa.exe?LOGON=A3%3Dind1308%26L%3DSECURITY%26E%3Dquoted-printable%26P%3D134667%26B%3D--_000_2C17E27E26DEE641AEECF7583B3CAB1A2581D978evcspmbx1adsnor_%26T%3Dtext%252Fhtml%3B%2520charset%3Dus-ascii>
> *Subject:* [SECURITY] annual AUP acknowledgement required?
>
>  
>
> Just curious if anyone knew if it’s required from an audit perspective
> to have faculty, staff and student acknowledge an Acceptable Use Policy
> on an annual basis? We have each user accept this policy before their
> account is enabled and wanted to know if this is enough to check the
> box. Also, if you require an annual acknowledgement, what technology
> method are using to have user digitally accept the policy?
>
>  
>
> Thank you,
>
>  
>
> Michael

-- 
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
(319) 273-7434
http://www.uni.edu/elukens/

If you see an attachment called smime.p7s, you may disregard it. It is
an S/MIME digital signature file to validate the authenticity of this
email message.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature