Re: [External] Re: [SECURITY] Student employees and access to data

["Gregg, Christopher S." <csgregg () STTHOMAS EDU>]

We have similar processes in place here as well.  In addition, all of our employees, including student employees, sign 
a Privileged Access and Confidentiality Agreement form as part of their on-boarding.

Thanks,

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Information Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu>





From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of King, Ronald A.
Sent: Friday, May 10, 2019 10:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] Re: [SECURITY] Student employees and access to data

Ditto for NSU with the exception we set an expiration date when their service or contract will end for any employee 
related accounts.

Ronald King
Chief Information Security Officer

Office of Information Technology
(757) 823-2916 (Office)
raking () nsu edu<mailto:raking () nsu edu>
www.nsu.edu<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7C3900d3bbd6b549a383ae08d6d55ebda1%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C636931000264361018&sdata=3GwRRh8AXw%2FQG6DLqooLnPbLnqhEQFaiwTnFeYxs%2BhI%3D&reserved=0>
@NSUCISO (Twitter)
[NSU_logo_horiz_tag_4c - Smaller]

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Pesino, Sherry
Sent: Friday, May 10, 2019 10:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Student employees and access to data

We treat our student employees like traditional employees. They have access to what they need to complete the work they 
are hired to do. They also must complete the same awareness training and follow the same policies as full time 
employees and use an official email account for any work related email.

Sherry
____________
Sherry Pesino, CISSP
Information Security Program Office
Connecticut State Colleges and Universities
61 Woodland Street
Hartford, CT 06105
860-723-0021
pesinos () ct edu<mailto:pesinos () ct edu>

[certified-information-systems-security-professional-cissp]



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Pete, Andrew
Sent: Friday, May 10, 2019 10:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Student employees and access to data

We have a number of departments that have work study students.  I'm curious what other institutions are doing around 
access to data that may be sensitive whether in hard copy or digital format.  What do you allow, what don't you allow?  
Why types of policies/procedures do you have in place?