Re: [External Sender] Re: [SECURITY] Login Request

["Menne, Michael S" <michael.menne () MNSU EDU>]

Chris,
I would advocate for your initial ideas of saving things to his private space (cloud storage or file server, not local 
profile folders) and use FDE on the device.  On Mac and Windows, logins can be restricted to individual users if need 
be.  As for our institution, the data is not the staff/faculty member’s property (in most cases).  There is bargaining 
unit contractual language regarding what is considered a faculty member’s intellectual property.  We are also a state 
government entity, so the device is the property and responsibility of the University to maintain security.  This 
precludes the individual from using personal encryption as it would prevent us from maintaining the security of the 
device.


Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
www.mnsu.edu/its/security<applewebdata://E5E98DA9-AEBC-4104-AA47-742D8C5F4644/www.mnsu.edu/its/security>

[cid:image001.png@01D341A0.236300E0]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Davis, Chris" 
<CDavis () LOURDES EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, September 24, 2018 at 8:54 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] [External Sender] Re: [SECURITY] Login Request

It’s a sound idea, but I really don’t like the idea of someone using personal encryption on a university-owned 
computer.  What would stop the person from putting university data into that store and then leaving or becoming 
incapacitated, etc.  We would lose access to that data as well.

Chris


Christopher Davis, Ph.D.
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

CyberAware – Be aware. Stay Secure!
Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that 
asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security 
numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu. For more information please visit 
lourdes.edu/cyberaware.

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) 
and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not 
the intended recipient of this message or their agent, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and any attachments. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its 
attachments is strictly prohibited.


On Sep 24, 2018, at 9:52 AM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU<mailto:tcarter () AUSTINCOLLEGE EDU>> wrote:

What about personal encryption using something like Veracrypt (fork of TrueCrypt), AxCrypt, GPG, etc? Then it’s 
entirely in his hands as long as he’s made aware that you cannot recover the data for him if he loses/forgets the 
password.

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.austincollege.edu%2F&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Cc7014f27cd9c430ac8e008d622252c01%7C0c0d13782eaf49c7afa98b40189a1b5c%7C0%7C0%7C636733940393195928&sdata=a5QVRIY%2B6tvnrMP96l3yoqiw5X4IbHafJ9IytvIR08o%3D&reserved=0>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Davis, Chris
Sent: Monday, September 24, 2018 8:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Login Request

We received a request from a user who is concerned about security of his laptop.  He wants us to make it so no one else 
can log into the computer.  He is concerned about the security of sensitive data on the computer.  He is worried that 
someone else could log into the computer and see his data.

I am not the type to make special accommodations for users, especially when there are easy solutions to achieve the 
same results.  Our suggestion is to train him to save data in his profile only and then provide full disk encryption.

Has anyone else run into a situation like this, and how did you resolve it?

Chris


Christopher Davis, Ph.D.
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

CyberAware – Be aware. Stay Secure!
Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that 
asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security 
numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu<mailto:infosec () lourdes edu>. For 
more information please visit 
lourdes.edu/cyberaware<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flourdes.edu%2Fcyberaware&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Cc7014f27cd9c430ac8e008d622252c01%7C0c0d13782eaf49c7afa98b40189a1b5c%7C0%7C0%7C636733940393195928&sdata=TGeATawpTCkFtbCnhwuJO9vXHYTbu0K1Z8RHQ%2BqGUNE%3D&reserved=0>.

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) 
and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not 
the intended recipient of this message or their agent, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and any attachments. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its 
attachments is strictly prohibited.