Re: Passwords

["Barton, Robert W." <bartonrt () LEWISU EDU>]

Morning,

I thought we talked about this once before, but I can't find any of the emails from the conversation (may have been 
year plus).  If anybody has them, and can share them, I had thought to do a spreadsheet for the group.  Sound good??

Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew 
Chiarello
Sent: Thursday, February 15, 2018 10:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Passwords

We're using a centralized, on-premises password manager (Team Password Manager, http://teampasswordmanager.com/). We've 
been using it for a few years now and we're pretty happy with it.

Each person in the tool has access to only the passwords for their group, but the rules by group can vary on who can 
create, edit, or manage their passwords. We do have a few accounts with administrator access to all the passwords if 
needed.

Andrew Chiarello
Senior Network Engineer
Bryn Mawr College
(610) 526-7966
achiarello () brynmawr edu<mailto:achiarello () brynmawr edu>



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Madl, 
Michael
Sent: Thursday, February 15, 2018 8:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Passwords

Morning,

Have a few questions on how your institution is managing IT passwords.  These would include system admin accounts, 
service accounts with elevated access and other critical accounts.


*        Are you utilizing a centralized password manager?  What is it? On-premise/Cloud?

o   If your answer is cloud what is your comfort level on uploading them to a provider?

*        If not centralized how are passwords managed in your decentralized environment?

*        How is access controlled to passwords?

o   Is there one person who has the keys to the kingdom? [CISO/ISO/CIO] or are your passwords accessed only as needed 
by defined roles?  Does each area have a 'password manager'?

Thanks in advance for you input and experience.



MICHAEL MADL
INFORMATION SECURITY OFFICER
UNIVERSITY INFORMATION TECHNOLOGY

INDIANA WESLEYAN UNIVERSITY
4201 SOUTH WASHINGTON STREET
MARION, IN 46953

765.677.2688   |   765.677.2020 FAX
michael.madl () indwes edu<mailto:mike.madl () indwes edu>

  [iwu]

CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information.  If 
you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this 
information. If you have received this email in error, please notify the sender by replying to this message and 
immediately delete this message.


This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone at (815)-836-5950 and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.