Profile

CommunityPlatform_1350x900.jpg

Chris Gregg

Edit My Profile

My Content

1 to 20 of 50+ total

Specific Policy Language for Law Faculty or Law Clinics

Posted By Chris Gregg 11-25-2024 06:41:24 AM
Found In Egroup: Privacy \ view thread
Do any of you have specific policy language for law faculty who are working at a university sponsored legal clinic or working as attorneys professionally? I am specifically wondering about extra provisions, or additional processes that must be adhered to when it comes to possible review of content (e-mail, ...

RE: Identity Verification Process for MFA resets

Posted By Chris Gregg 11-05-2024 07:29:43 AM
Found In Egroup: Identity and Access Management \ view thread
We've experienced similar social engineering attacks here. There just isn't a great set of data points we can ask someone over the phone that isn't available to would be attackers. I believe Duo has a way to push a code to the app, but we're a Microsoft MFA shop and that is not an option (as far as we ...

RE: Internal Analytics and Privacy Considerations

Posted By Chris Gregg 11-05-2024 05:46:41 AM
Found In Egroup: Privacy \ view thread
Thanks Pegah! The committee concept sounds like a good one. I would be interested in your sharing guidelines. Those kinds of scenarios have been popping up regularly lately. We have been pushing back on some and trying to educate campus where we can, but it is a culture shift. Thanks, Ch ...

RE: Internal Analytics and Privacy Considerations

Posted By Chris Gregg 11-04-2024 03:20:56 PM
Found In Egroup: Privacy \ view thread
Thanks Mark. I agree 100%. Operationalizing that is the tricky part. Chris

RE: Internal Analytics and Privacy Considerations

Posted By Chris Gregg 11-04-2024 02:50:57 PM
Found In Egroup: Privacy \ view thread
Just throwing this one out there again. I didn't get any responses the first time. I am not sure if that means we are unique in this space. Maybe we are being overly concerned? We have another request for a student success/retention tool from one of our colleges and this issue is coming up again. ...

RE: CIO: MFA Enforcement

Posted By Chris Gregg 09-05-2024 07:44:34 AM
Found In Egroup: CIO \ view thread
We require MFA for all of accounts, including newly admitted students. Constituents are required to setup MFA during the account claim process, which comes shortly after they are admitted. Many of the applicant and early admitted steps are handled in our Salesforce based admissions portal which uses ...

RE: Managing affiliate/non-university accounts

Posted By Chris Gregg 08-23-2024 10:19:25 AM
Found In Egroup: Identity and Access Management \ view thread
We have a "Courtesy Access" process where existing staff can request accounts for non-employees. The request goes to HR first for entering into Banner and proper vetting, and then depending on the sub-type of user (Independent Contractor, Agency Temp, Volunteer, etc.) services are granted. Some get ID ...

Internal Analytics and Privacy Considerations

Posted By Chris Gregg 08-20-2024 08:27:00 AM
Found In Egroup: Privacy \ view thread
Hi All, I am curious if anyone here has some good advice for how they are handling the growing use of tools and analytics to combine internal data sources for better analytic and predictive uses. Universities are under increased pressure to recruit and retain students, and in some cases report ...

RE: Student employees resetting passwords

Posted By Chris Gregg 08-12-2024 07:47:55 AM
Found In Egroup: Identity and Access Management \ view thread
At our institution all employees, including student workers, sign a document called the "Privileged Access and Confidentiality Agreement" upon employment. This is handled by HR as part of the employee onboarding process. The document covers a variety of topics related to information an employee might ...

RE: Rolling MFA Out to Students

Posted By Chris Gregg 08-09-2024 09:46:02 AM
Found In Egroup: Cybersecurity \ view thread
It's been about two weeks since the change so we're still learning what those are. There has definitely been a sharp uptick in tickets to the help desk. Most are being resolved quickly, but setting up the Authenticator App seems to be a challenge for a number of users. Certainly more complicated than ...

RE: Rolling MFA Out to Students

Posted By Chris Gregg 08-07-2024 01:55:21 PM
Found In Egroup: Cybersecurity \ view thread
We've been using Microsoft MFA for about 6-7 years now for all constituents (faculty, staff and students). We phased in the initial implementation in groups, largely by class over about a 6 month period initially. We did a big communication push and let them that all sophomores would go on X date, all ...

RE: Student Medical Records - FERPA or HIPPA

Posted By Chris Gregg 05-15-2024 10:14:00 AM
Found In Egroup: Privacy \ view thread
Good discussion on a confusing topic on many campuses, including ours. I would think one of the biggest distinctions between HIPAA and FERPA, and perhaps reason to classify the data as FERPA if possible, would be the reporting and notification requirements in the case of an incident or breach. ...

RE: Policy for lost or broken equipment

Posted By Chris Gregg 03-01-2024 05:33:00 AM
Found In Egroup: CIO \ view thread
+1. This is what we do as well. Chris Chris Gregg Associate Vice President of Information Security & Risk Management, CISO Innovation & Technology Services (ITS) csgregg@stthomas.edu p 1 (651) 962-6265 University of St. Thomas | stthomas.edu

Google Consent Mode V2 & Cookie Banners

Posted By Chris Gregg 01-25-2024 02:55:00 PM
Found In Egroup: Privacy \ view thread
Apologies if this has been covered but I didn't see anything in the archives. How are you preparing for the new Google Consent Mode V2 that is coming in March 2024? The new rules will change how Google Analytics data is collected and for us one of the biggest changes appears to be a requirement for a ...

RE: Domain Name collecting

Posted By Chris Gregg 01-24-2024 09:01:00 AM
Found In Egroup: CIO \ view thread
We're not grabbing adjacent domains at this time. We've decided that is too much of a whack-a-mole game given all of the TLD's and possible spelling variations. Chris Chris Gregg Associate Vice President of Information Security & Risk Management, CISO Innovation & Technology ...

RE: Bing Chat ( Microsoft Copilot)

Posted By Chris Gregg 01-19-2024 07:38:00 AM
Found In Egroup: Cybersecurity \ view thread
We have not blocked Bing Chat or any of the specific AI sites/tools at this point. We have shared some initial guidance about using AI tools safely and properly with some early adopters, and are in the process of re-sharing that more broadly with campus. Another thing we are pointing out in the process ...

RE: Best Practices Regarding Purchasing Thresholds

Posted By Chris Gregg 01-03-2024 09:09:00 AM
Found In Egroup: CIO \ view thread
We have a fairly new technology intake process in place here, and cost is just one component of the equation. We're trying to cast a wide net now, and may refine things as we go since we probably don't have the capacity to thoroughly review everything. The current examples we list on Technology ...

RE: Otter.ai

Posted By Chris Gregg 11-01-2023 09:43:00 AM
Found In Egroup: Cybersecurity \ view thread
I need to look into this myself, but does the BAA for HIPAA apply to you entire Zoom environment? We have one as well and it was my understanding that we have a separate instance for that and the BAA applies to only that "HIPAA" instance. Chris Chris Gregg Associate Vice President ...

RE: Otter.ai

Posted By Chris Gregg 10-31-2023 07:54:00 AM
Found In Egroup: Cybersecurity \ view thread
Funny you mention that. Last week we were discussing our stance on the new Zoom AI features and whether we wanted to enable them. And then just yesterday I was in a meeting where a colleague used Otter.ai to take notes. It turns out our Zoom admins had allowed the plugin quite awhile ago and we have ...

RE: Compliant Communication Platforms (VOIP, Zoom, Teams..)

Posted By Chris Gregg 09-06-2023 09:28:00 AM
Found In Egroup: Regulated Information Security Compliance \ view thread
We'd be interested in hearing more about this as well. Chris Chris Gregg Associate Vice President of Information Security & Risk Management, CISO Innovation & Technology Services (ITS) csgregg@stthomas.edu p 1 (651) 962-6265 University of St. Thomas | stthomas.edu