Educause Security Discussion mailing list archives
Re: [External Sender] Re: [SECURITY] Login Request
From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Tue, 25 Sep 2018 13:36:26 +0000
Chris, I would advocate for your initial ideas of saving things to his private space (cloud storage or file server, not local profile folders) and use FDE on the device. On Mac and Windows, logins can be restricted to individual users if need be. As for our institution, the data is not the staff/faculty member’s property (in most cases). There is bargaining unit contractual language regarding what is considered a faculty member’s intellectual property. We are also a state government entity, so the device is the property and responsibility of the University to maintain security. This precludes the individual from using personal encryption as it would prevent us from maintaining the security of the device. Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 www.mnsu.edu/its/security<applewebdata://E5E98DA9-AEBC-4104-AA47-742D8C5F4644/www.mnsu.edu/its/security> [cid:image001.png@01D341A0.236300E0] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Davis, Chris" <CDavis () LOURDES EDU> Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Monday, September 24, 2018 at 8:54 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] [External Sender] Re: [SECURITY] Login Request It’s a sound idea, but I really don’t like the idea of someone using personal encryption on a university-owned computer. What would stop the person from putting university data into that store and then leaving or becoming incapacitated, etc. We would lose access to that data as well. Chris Christopher Davis, Ph.D. Chief Information Officer Assistant Professor of Education Apple Teacher Lourdes University 6832 Convent Blvd | REH 003P | Sylvania, OH 43560 cdavis () lourdes edu<mailto:cdavis () lourdes edu> CyberAware – Be aware. Stay Secure! Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu. For more information please visit lourdes.edu/cyberaware. CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. On Sep 24, 2018, at 9:52 AM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU<mailto:tcarter () AUSTINCOLLEGE EDU>> wrote: What about personal encryption using something like Veracrypt (fork of TrueCrypt), AxCrypt, GPG, etc? Then it’s entirely in his hands as long as he’s made aware that you cannot recover the data for him if he loses/forgets the password. Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.austincollege.edu%2F&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Cc7014f27cd9c430ac8e008d622252c01%7C0c0d13782eaf49c7afa98b40189a1b5c%7C0%7C0%7C636733940393195928&sdata=a5QVRIY%2B6tvnrMP96l3yoqiw5X4IbHafJ9IytvIR08o%3D&reserved=0> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Davis, Chris Sent: Monday, September 24, 2018 8:17 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Login Request We received a request from a user who is concerned about security of his laptop. He wants us to make it so no one else can log into the computer. He is concerned about the security of sensitive data on the computer. He is worried that someone else could log into the computer and see his data. I am not the type to make special accommodations for users, especially when there are easy solutions to achieve the same results. Our suggestion is to train him to save data in his profile only and then provide full disk encryption. Has anyone else run into a situation like this, and how did you resolve it? Chris Christopher Davis, Ph.D. Chief Information Officer Assistant Professor of Education Apple Teacher Lourdes University 6832 Convent Blvd | REH 003P | Sylvania, OH 43560 cdavis () lourdes edu<mailto:cdavis () lourdes edu> CyberAware – Be aware. Stay Secure! Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu<mailto:infosec () lourdes edu>. For more information please visit lourdes.edu/cyberaware<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flourdes.edu%2Fcyberaware&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Cc7014f27cd9c430ac8e008d622252c01%7C0c0d13782eaf49c7afa98b40189a1b5c%7C0%7C0%7C636733940393195928&sdata=TGeATawpTCkFtbCnhwuJO9vXHYTbu0K1Z8RHQ%2BqGUNE%3D&reserved=0>. CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.
Current thread:
- Re: [External Sender] Re: [SECURITY] Login Request Menne, Michael S (Sep 25)