Educause Security Discussion mailing list archives

Re: Emeritus faculty privileges question

From: Paul Chauvet <chauvetp () NEWPALTZ EDU>
Date: Mon, 13 Jul 2020 19:10:44 +0000

Hello Charles,

As soon as HR is notified about a retirement or other departure, they notify IT & we send an automated notice to the 
retiree.  This notice lets them know that they are responsible for downloading any files that they need (along with a 
list of what data is considered sensitive that they should not download/preserve).  The only things we really allow 
them to keep are email, access to the wireless network with personal devices, and access to library resources.  Other 
systems are not allowed and they are not allowed to keep any college owned hardware (with the only exception being if 
they do not have a smartphone they can keep their Yubikey which is their second factor for Duo MFA).

In the case of keeping access - it is not a right it is a privilege.  Access is only granted if there is no objection 
from HR

My response for New Paltz is below:


  *   Are your Emeritus faculty allowed to keep their laptops and desktops?
     *   No (a week or two extension to keep access is occasionally granted to save anything that they need)
  *   If this equipment is allow to be kept, are they removed from your institution's AD domain?
     *   Not applicable for us
  *   Are you reimaging these devices and removing them from your institution's AD domain?
     *   Yes
  *   What level of support and software are you offering?
     *   Username/password reset (including for Duo MFA) but no technical support beyond that
  *   Are you allowing the Emeritus faculty access to their home directories?
     *   No
  *   Are you allowing the Emeritus faculty access to department directories?
     *   No
  *   Are you allowing the Emeritus faculty access to research directories?
     *   No
  *   Are you allowing the Emeritus faculty access to their email, etc?
     *   Yes



Paul Chauvet, CISSP
Information Security Officer
State University of New York at New Paltz
845-257-3828
chauvetp () newpaltz edu<mailto:chauvetp () newpaltz edu>
[cid:image001.png@01D65927.C70F3EB0]

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Davidson, Charles
Sent: Friday, July 10, 2020 12:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Emeritus faculty privileges question

CAUTION: Message from a non-New Paltz email server. Treat message, links, and attachments with extra caution.

Hello,

Recently retirement packages for our faculty were sweetened by offering Emeritus Faculty status. Emeritus faculty are 
provided the same access to their data and equipment as if they were still working for our institution. This is causing 
our IT to have to rethink security, support, access and privileges for these users. How is your organization dealing 
with the following concerns and how you are mitigating the risks involved?

  *   Are your Emeritus faculty allowed to keep their laptops and desktops?
  *   If this equipment is allow to be kept, are they removed from your institution's AD domain?
  *   Are you reimaging these devices and removing them from your institution's AD domain?
  *   What level of support and software are you offering?
  *   Are you allowing the Emeritus faculty access to their home directories?
  *   Are you allowing the Emeritus faculty access to department directories?
  *   Are you allowing the Emeritus faculty access to research directories?
  *   Are you allowing the Emeritus faculty access to their email, etc?
Answering any or all of the above questions would great help in our planning. We are very interested in hearing if 
anyone has found a good solution.

Thanks,
Charlie

Charles Davidson, CISSP
Information Security Engineer
p: (508) 831-6250
[1518278940442_worcester-polytechnic-institute_2014-06-05_14-10-50.981.png]
Worcester Polytechnic Institute * Information Technology

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Emeritus faculty privileges question Davidson, Charles (Jul 10)
- Re: Emeritus faculty privileges question Mark Reboli (Jul 10)
- Re: Emeritus faculty privileges question Paul Chauvet (Jul 13)
  - Re: Emeritus faculty privileges question Frank Barton (Jul 14)
    - Re: Emeritus faculty privileges question Scott Norton (Jul 14)
    - Re: Emeritus faculty privileges question Paul Chauvet (Jul 14)
    - Re: Emeritus faculty privileges question Paul Chauvet (Jul 14)