Practices for student employees resetting faculty/staff

[Velislav K Pavlov <VelislavPavlov () FERRIS EDU>]

Good morning,

We are debating whether to allow student employees at our IT Service Desk to reset University account passwords for 
faculty and staff or not. There are FERPA considerations, which can't be ignored and resource limitations, which can be 
compensated by  leveraging student employee assistance. What is your security practice when it comes to account 
password resets done by student employees? If you allowed student employees to reset passwords, what controls did you 
put in place to assure proper authorization, authentication, accountability, confidentiality, and audit of the 
activities? Thank you for the consideration.


Vel Pavlov | IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+, ITIL, A+
Big Rapids, MI 49307
Phone (231)-591-5613
VelPavlov () ferris edu<mailto:VelPavlov () ferris edu>
[cid:image001.png@01D04B6D.98A5DE30]

Notice:This email message and any attachments are for the confidential use of the intended recipient. If that isn't 
you, please do not read the message or attachments, or distribute or act in reliance on them. If you have received this 
message by mistake, please immediately notify us and delete this message and any attachments. Thank you.