
Greetings,

I'm trying to make the case for implementing a mandatory locking screensaver on our office workstations/laptops (faculty and administrative staff). It would be done in the usual way: after some period (15, 20, 30 minutes TBD) of idle time, the system would invoke the screen saver, and to restore the screen and continue working, the user would have to enter his or her password. Reaction has been mixed (as I expected), and the usual question has come up: "well, what do other universities do?"

So....
  1. Do you implement a mandatory locking screen saver on your staff and/or faculty computers?
  2. If so, do you do so for all staff/faculty, or just certain groups (and what are those groups)?
  3. If so, how long is your timeout before the screensaver starts?

Thanks,

--Dave


--

DAVID A. CURRY, CISSP • DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL • 55 W. 13TH STREET • NEW YORK, NY 10011

+1 212 229-5300 x4728 • david.curry@newschool.edu


Comments

Message from dwscott@fhu.edu

1. Yes, we implement a mandatory locking screen saver on staff computers via Windows Group Policy.
2. We only implement it for departments dealing with financial and sensitive student information (Business office, admissions, etc.)
3. We implement a lockout at 20 minutes.


David,

1. Franklin University imposes a mandatory locking screen saver through GPO on all University-owned computers.

2. We do this regardless of account type: faculty, staff, consultant, student, library visitor, you name it. We have an exception for classroom instructor PCs that drive projection systems and the PC in our main auditorium connected to a projector. Our mandatory locking policy also applies to laptops, which also require whole-disk encryption.

3. As for how long, we settled on 15 minutes to satisfy PCI requirements. Hey, it's easy to blame it on the credit card industry!

Clifford A. Collins
Information Security Officer
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"

From: "David Curry" <david.curry@NEWSCHOOL.EDU>
To: SECURITY@LISTSERV.EDUCAUSE.EDU
Sent: Thursday, October 4, 2012 12:05:52 PM
Subject: [SECURITY] Automatic timeout to locking screensaver


We do on all computer systems......admin and instruction.....15 minutes on admin, and we just changed instruction to 30 minutes....

M David Scott <dwscott@FHU.EDU> wrote:
1. Yes, we implement a mandatory locking screen saver on staff computers via Windows Group Policy.
2. We only implement it for departments dealing with financial and sensitive student information (Business office, admissions, etc.)
3. We implement a lockout at 20 minutes.


Weber State University
 
1. Yes, all users must have an auto-locking feature enabled, which requires a password to unlock. We do not use the term screen saver, so that power options can satisfy the requirement.
2. We require this on all faculty and staff workstations; exceptions are computer labs, public library systems, e-kiosks, etc.
3. We recommend activation after 10 min. of idle time, but the standard is 20 minutes or less.
 
We also recommend that you physically lock your office door (if you have a door) should you leave your work area unattended, or manually lock your system as you leave your work area.
 
louis


Message from aperry@murraystate.edu

We recently instituted a Domain-wide 30 minute password-protected screensaver lock for all systems. There was a lot of fight over it until we actually did it. Few people have noticed. :) We plan on decreasing it in 5 minute increments over several months down to 15 minutes. PCI was our overall justification as well.

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry@murraystate.edu





We are currently implementing a requirement for the use of locking screensavers. What I hadn't appreciated is that some screensavers are transparent and so do not hide what is on the screen (for instance, OS X has a bubble screen saver that does this).

You may also want to ensure that no transparent screensavers are allowed.

Mark



--
Mark Borrie
Information Security Manager, Information Technology Services,
University of Otago, Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-8813