Educause Security Discussion mailing list archives
Re: Best practices for identifying students
From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Thu, 7 Sep 2017 11:59:04 +0000
Good morning, Walter: I am sure that you will get many responses to your question from members on this list. In addition, the Higher Education Information Security Council (HEISC) has created an Information Security Guide<http://www.educause.edu/security/guide> that contains a chapter on identity and access management topics. You may find some of the information in that chapter helpful: https://spaces.internet2.edu/display/2014infosecurityguide/Identity+and+Access+Management#IdentityandAccessManagement-Management In particular, click on the link at the top of the page for “User Access Management.” If you scroll down through that section, there are some institutional case studies on identity proofing tactics that may be useful to you. The Information Security Guide is aligned with multiple standards (NIST 800-53; ISO/IEC 27002:2013; etc.) and includes key objectives and implementation guidance to assist organizations with developing an effective information security program. What makes the HEISC Information Security Guide so unique is that resources and content included in Guide chapters are provided by higher education information security professionals with expertise in both information security and higher education. If I can be of more assistance, please do let me know. Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu> Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and valuable peer networks | Discover membership<https://www.educause.edu/about/discover-membership> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of WALTER KERNER Sent: Thursday, September 7, 2017 7:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Best practices for identifying students Hi all. Can you comment on your practices and procedures for confirming student identity if they request a password re-set? We have to service people in person, through email, and on the phone. A couple of ideas if have heard • Ask the caller/emailer to text or email a picture of him/herself • Ask the caller/emailer questions from his/her student record, like birthdate or course name • Set up a knowledge-based question set like mother’s maiden name or favorite movie. Are you using these or other techniques? We appreciate the insights. Thanks Walter Kerner Acting AVP and CISO [blue] 333 7th Avenue, 13th Floor New York, NY 10001 Voice: 212-217-3415
Current thread:
- Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Joanna Grama (Sep 07)
- Message not available
- Re: Best practices for identifying students Rich Graves (Sep 07)
- Re: Best practices for identifying students Hugh Burley (Sep 07)
- Re: Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Jones, Mark B (Sep 07)