Re: Banner Parent Proxy

[Uday Kiran <ukiran () HCT AC AE>]

We have not implemented this TBH, however, let me give you my 2c on this & I am not in USA to be an expert in a few 
privacy laws, but;


  1.  This portal is accessed by parents and as per FERPA act and College data privacy rules it is who Student decides 
what needs to be published in the proxy portal.
  2.  MFA can be implemented but you need to check if non-WSU users can be supported. And student need to give the 
parent’s email ID to enter into the system, validation should be done as per the student’s records if the person 
logging in is really a parent/guardian.
  3.  General Counsel department needs to vet the controls we have put in for this portal as per FERPA.

Regards,

Uday Kiran
Snr Spl – Information Security
Office of Dir. Digital Technologies

اوداي كيران

أخصائي أول - أمن المعلومات

تكنولوجيا المعلومات



[Main logo]

Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates



www.hct.ac.ae<http://www.hct.ac.ae>

[Facebook]<https://www.facebook.com/hctuae>

[Twitter]<https://twitter.com/HCT_UAE>

[Instagram]<https://www.instagram.com/HCT_UAE/>

[YouTube]<https://www.youtube.com/user/hctuae>




[signature_1825871582]

[Enviromental] Please consider the environment before printing this email

This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.




Uday Kiran
Senior Specialist - Information Security
Office of Dir. Digital Technologies
اوداي كيران
أخصائي أول - أمن المعلومات
تكنولوجيا المعلومات


[Main logo]     Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates

        www.hct.ac.ae<http://www.hct.ac.ae>
[Facebook]<https://www.facebook.com/hctuae>     [Twitter] <https://twitter.com/HCT_UAE>         [Instagram] 
<https://www.instagram.com/HCT_UAE/>        [YouTube] <https://www.youtube.com/user/hctuae>


[https://cdn.hct.ac.ae/signature_logo/email_signature-healthy-hct.jpg]
[Enviromental]  Please consider the environment before printing this email
This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Garrett McManaway 
<garrett.mcmanaway () WAYNE EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, 9 February 2021 at 8:34 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Banner Parent Proxy

"External Email: This email is from 'external source'. If you see this as suspicious then please forward the email to 
infosec () hct ac ae and do not respond to this email"
________________________________
All,

We are going to be rolling out the Parent Proxy feature in Banner and I have a few questions for anyone that is 
currently using the product. We were brought in late to the discussion about this one and trying to get some quick 
answers before it goes live.


  1.  Is anyone using MFA for the proxy user login? And if so, are you using Duo? I am not entirely sure our license 
covers this but I am also not sure I want to supporting non-WSU accounts.
  2.  It looks like the only thing required to give someone proxy access is a valid email, has anyone put something in 
place to validate the proxy user is an actual parent or guardian?
  3.  Is this something your IT teams would instinctively consult general counsel about for any FERPA issues?

The last question might be a discussion all on its own. No one in our IT team or the business partners working on 
rolling this out thought to ask “we can, but should we?” until I was involved. It the issue in the second question that 
concerns me. I know part of the reason my team and myself are here is to identify those concerns ask that question when 
we reviewing projects but I also know I cannot review 100% of our applications due to time and resource constraints.

Garrett McManaway
CISO & Sr. Director
C&IT - Information Security and Compliance
Wayne State University
Phone: 313-577-3454


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cukiran%40HCT.AC.AE%7C1f2b8b6e7c8d4839ef1f08d8cd188363%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637484852454060633%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=nyGw0Ly7lLA39oWL1445K97q6tCf7LJWoS1mMGPLvCg%3D&reserved=0>

________________________________

The information in this email and any attachments are confidential and solely for the use of the individual or entity 
to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you 
have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance 
on the content of this information is strictly prohibited and may be unlawful. If you have received this email in 
error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer 
() hct ac ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes 
made to them by any other person.

تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم 
باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً 
الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات 
التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae. كما أننا لا نضمن سلامة أي بريد إلكتروني أو 
مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر.

________________________________

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community