Re: Emeritus faculty privileges question

[Frank Barton <bartonf () HUSSON EDU>]

For all of you that maintain emeritus access at any level, who is the
"point" person on campus that keeps track of them, and lets you know when
they pass so that you can close out the legacy access?

Frank

On Mon, Jul 13, 2020 at 3:10 PM Paul Chauvet <chauvetp () newpaltz edu> wrote:

> Hello Charles,
>
>
>
> As soon as HR is notified about a retirement or other departure, they
> notify IT & we send an automated notice to the retiree.  This notice lets
> them know that they are responsible for downloading any files that they
> need (along with a list of what data is considered sensitive that they
> should not download/preserve).  The only things we really allow them to
> keep are email, access to the wireless network with personal devices, and
> access to library resources.  Other systems are not allowed and they are
> not allowed to keep any college owned hardware (with the only exception
> being if they do not have a smartphone they can keep their Yubikey which is
> their second factor for Duo MFA).
>
>
>
> In the case of keeping access – it is not a right it is a privilege.
> Access is only granted if there is no objection from HR
>
> My response for New Paltz is below:
>
>
>
>    - Are your Emeritus faculty allowed to keep their laptops and desktops?
>       - No (a week or two extension to keep access is occasionally
>       granted to save anything that they need)
>    - If this equipment is allow to be kept, are they removed from your
>    institution's AD domain?
>       - Not applicable for us
>    - Are you reimaging these devices and removing them from your
>    institution's AD domain?
>       - Yes
>    - What level of support and software are you offering?
>       - Username/password reset (including for Duo MFA) but no technical
>       support beyond that
>    - Are you allowing the Emeritus faculty access to their home
>    directories?
>       - No
>    - Are you allowing the Emeritus faculty access to department
>    directories?
>       - No
>    - Are you allowing the Emeritus faculty access to research directories?
>       - No
>    - Are you allowing the Emeritus faculty access to their email, etc?
>       - Yes
>
>
>
>
>
>
>
> Paul Chauvet, CISSP
>
> Information Security Officer
>
> State University of New York at New Paltz
>
> 845-257-3828
>
> chauvetp () newpaltz edu
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Davidson, Charles
> *Sent:* Friday, July 10, 2020 12:26 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Emeritus faculty privileges question
>
>
>
> *CAUTION: *Message from a non-New Paltz email server. Treat message,
> links, and attachments with extra caution.
>
>
>
> Hello,
>
>
>
> Recently retirement packages for our faculty were sweetened by offering
> Emeritus Faculty status. Emeritus faculty are provided the same access to
> their data and equipment as if they were still working for our institution.
> This is causing our IT to have to rethink security, support, access and
> privileges for these users. How is your organization dealing with the
> following concerns and how you are mitigating the risks involved?
>
>    - Are your Emeritus faculty allowed to keep their laptops and desktops?
>    - If this equipment is allow to be kept, are they removed from your
>    institution's AD domain?
>    - Are you reimaging these devices and removing them from your
>    institution's AD domain?
>    - What level of support and software are you offering?
>    - Are you allowing the Emeritus faculty access to their home
>    directories?
>    - Are you allowing the Emeritus faculty access to department
>    directories?
>    - Are you allowing the Emeritus faculty access to research directories?
>    - Are you allowing the Emeritus faculty access to their email, etc?
>
> Answering any or all of the above questions would great help in our
> planning. We are very interested in hearing if anyone has found a good
> solution.
>
>
>
> Thanks,
>
> Charlie
>
>
>
> *Charles Davidson, CISSP*
>
> Information Security Engineer
>
> *p:* (508) 831-6250
>
> [image:
> 1518278940442_worcester-polytechnic-institute_2014-06-05_14-10-50.981.png]
>
> *Worcester Polytechnic Institute **•** Information Technology*
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community