Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Automatic timeout to locking screensaver
From: Clifford Collins <collinsc () FRANKLIN EDU>
Date: Thu, 4 Oct 2012 12:26:12 -0400

David, 

1. Franklin University imposes a mandatory locking screen saver through GPO on all University-owned computers. 

2. We do this regardless of account type: faculty, staff, consultant, student, library visitor, you name it. We have an 
exception for classroom instructor PCs that drive projection systems and the PC in our main auditorium connected to a 
projector. Our mandatory locking policy also applies to laptops which also require whole-disk encryption. 

3. As for how long, we settled on 15 minutes to satisfy PCI requirements. Hey, it's easy to blame it on the credit card 
industry! 

Clifford A. Collins 
Information Security Officer 
Franklin University 
201 South Grant Avenue 
Columbus, Ohio 43215 
"Security is a process, not a product" 

----- Original Message -----
From: "David Curry" <david.curry () NEWSCHOOL EDU> 
To: SECURITY () LISTSERV EDUCAUSE EDU 
Sent: Thursday, October 4, 2012 12:05:52 PM 
Subject: [SECURITY] Automatic timeout to locking screensaver 

Greetings, 


I'm trying to make the case for implementing a mandatory locking screensaver on our office workstations/laptops 
(faculty and administrative staff). It would be done in the usual way: after some period (15, 20, 30 minutes TBD) of 
idle time, the system would invoke the screen saver, and to restore the screen and continue working, the user would 
have to enter his or her password. Reaction has been mixed (as I expected), and the usual question has come up: "well, 
what do other universities do?" 


So.... 


    1. Do you implement a mandatory locking screen saver on your staff and/or faculty computers? 
    2. If so, do you do so for all staff/faculty, or just certain groups (and what are those groups)? 
    3. If so, how long is your timeout before the screensaver starts? 





Thanks, 

--Dave 




-- 

DAVID A. CURRY, CISSP • DIRECTOR OF INFORMATION SECURITY 

THE NEW SCHOOL • 55 W. 13TH STREET • NEW YORK, NY 10011 

+1 212 229-5300 x4728 • david.curry () newschool edu 



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]