Home page logo

educause logo Educause Security Discussion mailing list archives

Regulatory Compliance / User Training / Identity Confirmation
From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Fri, 21 Nov 2008 14:41:56 -0500

Before everyone falls into the haze of post-Thanksgiving Day dinner, I'd
like to throw some questions to the group :

1.) Has anyone had any experience, positive or negative, with bringing
in external consultants to provide the user training
recommended/mandated by the various regulations we are subject to (FTC
"Red Flag"/HIPAA/FERPA/GLBA/PATRIOT/etc.)? If so, who did you use? If
not, how did you tackle this in-house?

2.) Is anyone using a service (e.g., Acxiom FactCheck-X) to provide
identity confirmation for distance learning students? Are you happy with
the service?

3.) If I'm interpreting the proposed new FERPA regulations correctly,
the days of formulaic initial passwords derived from an individual's
D.O.B. and/or SSN are numbered (no pun intended). For institutions that
have already been down this road, have you moved to random initial
passwords? If so, how do you distribute them? We'd like to avoid paper
mailings if at all possible and instead distribute them electronically
with an identity confirmation system front-end similar to the one
utilized at AnnualCreditReport.com. The problem is finding enough data
on a new student that can be mined to populate the question/answer

- Anthony Maszeroski, CCNA
Information Security Manager
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]