Educause Security Discussion mailing list archives
Practices for student employees resetting faculty/staff
From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Wed, 18 Feb 2015 16:25:29 +0000
Good morning, We are debating whether to allow student employees at our IT Service Desk to reset University account passwords for faculty and staff or not. There are FERPA considerations, which can't be ignored and resource limitations, which can be compensated by leveraging student employee assistance. What is your security practice when it comes to account password resets done by student employees? If you allowed student employees to reset passwords, what controls did you put in place to assure proper authorization, authentication, accountability, confidentiality, and audit of the activities? Thank you for the consideration. Vel Pavlov | IT Security Analyst M.Sc., CISSP, C|EH, C)PTE, Security+, ITIL, A+ Big Rapids, MI 49307 Phone (231)-591-5613 VelPavlov () ferris edu<mailto:VelPavlov () ferris edu> [cid:image001.png@01D04B6D.98A5DE30] Notice:This email message and any attachments are for the confidential use of the intended recipient. If that isn't you, please do not read the message or attachments, or distribute or act in reliance on them. If you have received this message by mistake, please immediately notify us and delete this message and any attachments. Thank you.
Current thread:
- Practices for student employees resetting faculty/staff Velislav K Pavlov (Feb 18)
- <Possible follow-ups>
- Re: Practices for student employees resetting faculty/staff Frances O'Connor (Feb 18)