Educause Security Discussion mailing list archives

Re: Account Lockout Communications Policy


From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Thu, 26 Sep 2019 15:48:52 +0000

We notify affected accounts only after we’ve reset their password and ended all Office 365 sessions.  It’s a sad 
culture, but it’s become commonplace for our users to reset their password if they are having trouble with their 
account. If they do happen to call into our Service Desk, there is a record of the reset and why in the ticketing 
system.

I have not done any notification or reset concerning the Chegg data breach. I’m debating on whether or not we do any 
notification.  If we do, I need to be careful about the wording as the breach was far beyond our password reset policy, 
so institution passwords would have been changed already multiple times. Our central identity management system 
disables the account once a password has expired. Our Active Directory also sets a password expiration timed to line up 
with the expiration of the Identity Management system.


Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
www.mnsu.edu/its/security




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Chrisinger, Cory A
Sent: Thursday, September 26, 2019 10:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Account Lockout Communications Policy

Hello,

I’m looking for how different organizations handle account compromise notifications to individuals.  Due to the Chegg 
breach we reset 319 accounts towards the end of the day.  We do not necessarily have out of band communication methods 
for affected parties.  I’m hesitant to send a notification to an affected email due to tipping off the attackers. The 
attackers seem to be able to execute additional payload very quickly when they assume the account will be deactivated.  
We do notify our customer services areas, but overnight a student may not have access until business hours resume. 
Thoughts, strategies, ideas are appreciated.


Thank You,

Cory Chrisinger
CISO, CISSP ID#581915
Phone: (608) 243-4575
Email: cchrisinger () madisoncollege edu

Want to discuss a technology project? Please contact me, or complete the Technology Services Project Request form, and we’ll talk!



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community


