Educause Security Discussion mailing list archives
Re: Account Lockout Communications Policy
From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Thu, 26 Sep 2019 15:48:52 +0000
We notify the affected account only after we’ve reset their password and ended all Office 365 sessions. It’s a sad culture, but it’s become commonplace for our users to reset their password if they are having trouble with their account. If they do happen to call into our Service Desk, there is a record of the reset and why in the ticketing system.

I have not done any notification or reset concerning the Chegg data breach. I’m debating on whether or not we do any notification. If we do, I need to be careful about the wording as the breach was far beyond our password reset policy, so institution passwords would have been changed already multiple times.

Our central identity management system disables the account once a password has expired. Our Active Directory also sets a password expiration timed to line up with the expiration of the Identity Management system.

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone: (507) 389-5705
www.mnsu.edu/its/security

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Chrisinger, Cory A
Sent: Thursday, September 26, 2019 10:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Account Lockout Communications Policy

Hello,

I’m looking for how different organizations handle account compromise notifications to individuals. Due to the Chegg breach we reset 319 accounts towards the end of the day. We do not necessarily have out of band communication methods for affected parties. I’m hesitant to send a notification to an affected email due to tipping off the attackers. The attackers seem to be able to execute additional payload very quickly when they assume the account will be deactivated. We do notify our customer services areas, but overnight a student may not have access until business hours resume.

Thoughts, strategies, ideas are appreciated.

Thank You,

Cory Chrisinger
CISO, CISSP ID#581915
Phone: (608) 243-4575
Email: cchrisinger () madisoncollege edu

Want to discuss a technology project? Please contact me, or complete the Technology Services Project Request form, and we’ll talk!

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community

Current thread:
- Account Lockout Communications Policy Chrisinger, Cory A (Sep 26)
- Re: Account Lockout Communications Policy Menne, Michael S (Sep 26)
- Re: Account Lockout Communications Policy Jim A. Bole (Sep 26)
- Re: Account Lockout Communications Policy Barton, Robert W. (Sep 26)