Home page logo

educause logo Educause Security Discussion mailing list archives

Authorizing password changes in a health science center
From: David Grisham <DGrisham () SALUD UNM EDU>
Date: Tue, 13 Feb 2007 13:40:21 -0700

The hospital has for a long time required a facsimile of the identification badge each time a password change is 
requested.  It is a new century end programs like Photoshop presented a new risk to that process.  We do not want to 
ask for personal information on any email or phone call request.  (Our staff could be around others who might take 
advantage of that information, if overheard)
We have added password challenge questions for half of our systems.  The patient systems cannot be placed into a web 
page challenge at this time.  What do your account groups do to verify the identity of some one needing a password 
change to systems with confidential information?

Cheers. -grish
David D. Grisham, Ph.D., CISM, CHS, CHSP
Manager, IT Security, UNM Hospitals, Information Technology
1650 University Blvd, S.500, Albuquerque, NM 87102
Ph: (505) 272-5657 FAX 272-3305
Work email: dgrisham () salud unm edu 
Adjunct Faculty, Computer Science, UNM
Academic & personal email: dave () unm edu 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]