Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: passworded screen savers with timeouts, do you enforce?
From: Michelle Mueller <muellerm () MTMARY EDU>
Date: Mon, 8 Jan 2007 16:43:21 -0600

We set our screen savers to start and lock at 15 minutes of inactivity.
We have this set campus wide via Active Director Group Policies.  The
users cannot change the setting.  We informed everyone that the setting
is for the security of the college and student's information.    Shortly
after we enable this Group Policy one person said something to the
effect of, "I don't know why we have to do this.  We're not Fort Knox."
I explained that the student information is protected under federal
law.  If someone sat down at her computer while she was away and got
sensitive information the college could be sued and lose all its grant
money.  And that her spending a couple of seconds typing a password was
preferable to that.  I also added that my own password is 15 letters
long and that I lock my computer every time I walk away from my desk.
The nay sayers really don't have a say in the security of our data.  And
if they complain too much, just ask them how they'd feel if a malicious
person got their hands on all their employee data due to someone in HR
leaving a computer logged in and unlocked.

Michelle Mueller
Mount Mary College
Milwaukee, WI





Michael Fox wrote:
Last month I asked for reasons why we should utilize passworded screen
savers and I want to say thanks to everyone that responded.

Now I need to ask if you enforce the screen saver password  lockout and
if you do how do you do it? Also how did you go about getting it past
the nay sayers that don't want to have anything make them type their
password in more than once a day.

Any help would be appreciated.

Thanks for the help.

Mike

Mike Fox
Georgia Southern University
Information Technology Services
Office of Information Security
mfox () georgiasouthern edu
(912)871-1592

Jeremiah 29:11-16

NOTE: This email message is intended only for the named recipient(s)
above
and may contain information that is privileged, confidential, and or
exempt
from disclosure under applicable law. If you have received this message
in
error, or are not the named recipient(s), please immediately contact
the
sender and delete this email message.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]