Profile


John Bandy D



My Content

1 to 19 of 19 total
Posted By John Bandy 05-10-2024 08:57:00 AM
Found In Egroup: NIST 800-171 Compliance
We set our lockouts to auto unlock in an hour. This helps most people on the weekends or after hours (although we do have contracted support if that happens). I find that the bad actor will "go away" with this type of auto unlock timing. I have to assume once the attacker gets a lockout response over ...
Posted By John Bandy 03-11-2024 08:46:00 AM
Found In Egroup: Cybersecurity
Not sure if this is just for your IT dept or across the organization. We went with Secret Server that solved two issues: PAM and a consolidated IT only PW Manager. John Bandy, MSISA, CISSP Chief Information Security Officer 205-726-2692 | office JBandy@Samford.Edu www.samford.edu 800 Lakeshore Drive, ...
Posted By John Bandy 09-28-2023 11:43:00 AM
Found In Egroup: Cybersecurity
If you know of anyone who might be interested in this position, please pass this along to them. This is a direct report to my position (CISO) and a key position in leadership on our team. https://www.schooljobs.com/careers/samford/jobs/4219114/senior-information-security-analyst ------------------------------ ...
Posted By John Bandy 09-28-2023 11:42:00 AM
Found In Egroup: Small Colleges
If you know of anyone who might be interested in this position, please pass this along to them. This is a direct report to my position (CISO) and a key position in leadership on our team. https://www.schooljobs.com/careers/samford/jobs/4219114/senior-information-security-analyst ------------------------------ ...
Posted By John Bandy 06-28-2023 12:36:00 PM
Found In Egroup: Small Colleges
I won't make it. Taking the time to have our first meeting with appropriate stakeholders related to this incident. John Bandy, MSISA, CISSP Chief Information Security Officer 205-726-2692 | office JBandy@Samford.Edu www.samford.edu 800 Lakeshore Drive, Birmingham, AL 35229
Posted By John Bandy 04-26-2023 01:45:00 PM
Found In Egroup: Small Colleges
Wouldn't let me in without a Berry ID. Was this meeting recorded? John Bandy, MSISA, CISSP Chief Information Security Officer 205-726-2692 | office JBandy@Samford.Edu www.samford.edu 800 Lakeshore Drive, Birmingham, AL 35229
Posted By John Bandy 03-07-2023 06:22:00 AM
Found In Egroup: CIO
Our retirees keep them for life. We do protect them with DUO John Bandy, MSISA, CISSP Chief Information Security Officer 205-726-2692 | office JBandy@Samford.Edu www.samford.edu 800 Lakeshore Drive, Birmingham, AL 35229
Posted By John Bandy 01-19-2023 08:05:00 AM
Found In Egroup: Cybersecurity
I would be careful on suggesting Shopify will keep you out of PCI compliance. They still require you to be the Merchant of Record. We tried for over a year with multiple of their processors and not a single one would agree to be the merchant of record. By being the merchant of record this means you are ...
Posted By John Bandy 12-20-2022 11:16:00 AM
Found In Egroup: Cybersecurity
We deny access to the network, let the Service Desk know (so they are aware when the student calls in) and require them to reimage (normally performed by our Service Desk). John Bandy, MSISA, CISSP Chief Information Security Officer 205-726-2692 | office JBandy@Samford.Edu www.samford.edu ...
Posted By John Bandy 10-26-2022 06:15:00 AM
Found In Egroup: Cybersecurity
What we do to vet software in O365. We use the following guidelines: We only approve apps that only ask for User authentication (no access to mail, calendars, contacts or data) unless we have contracted with the vendor We have a canned response of: Due to security concerns, Samford University ...
Posted By John Bandy 09-27-2022 11:16:00 AM
Found In Egroup: CIO
+1 for Samford
Posted By John Bandy 09-22-2022 07:37:00 AM
Found In Egroup: CIO
We ran into issues with multiple things that still need local admin rights (although there were fewer with Windows 10 than with previous OS versions, but some nonetheless). The number was high enough we felt we needed to purchase a product to manage these. We did a review of several products and ...
Posted By John Bandy 09-19-2022 10:48:00 AM
Found In Egroup: Cybersecurity
I think it is because they are not checking their individual REN-ISAC mailbox (I know I don't and I was one that contacted you individually). We have so many to keep up with unless there is a forwarding option or something we don't get enough volume there to warrant logging in via the Web interface. ...
Posted By John Bandy 09-19-2022 06:45:00 AM
Found In Egroup: CIO
We use Ellucian and have been very pleased with their service. They have 6 call centers that round robin take the calls so keep that in mind if you need to grant them access to things that may require 2FA (DUO Hard tokens for us). John Bandy Chief Information Security Officer Technology Services ...
Posted By John Bandy 09-14-2022 08:04:00 AM
Found In Egroup: Cybersecurity
There is an option at the bottom of each message to reply directly (it just doesn't keep the contents of the thread when you do this reply). John Bandy Chief Information Security Officer Technology Services 205-726-2692 | office 205-726-2524 | fax JBandy@Samford.Edu 800 Lakeshore ...
Posted By John Bandy 08-10-2022 02:30:00 PM
Found In Egroup: Cybersecurity
It is my understanding student health information is considered FERPA (not HIPAA), however, our clinic takes staff, faculty and spouses of employees and that certainly is HIPAA. We have an isolated network for the outside company that provides those services. We only provide internet (no access to anything ...
Posted By John Bandy 07-27-2022 06:58:00 AM
Found In Egroup: Small Colleges
I know it is no excuse, but KACE (Quest) does the exact same thing. You can use SSO (or not). These sorts of implementations are not acceptable. ------------------------------ John Bandy Chief Information Security Officer Samford University ------------------------------
Posted By John Bandy 04-21-2022 10:00:00 AM
Found In Egroup: CIO
Mine just says the host will let me in soon. We are less than a minute from the start John Bandy Chief Information Security Officer Technology Services 205-726-2692 | office 205-726-2524 | fax JBandy@Samford.Edu 800 Lakeshore Drive, Birmingham, AL 35229
Posted By John Bandy 03-15-2022 11:05:00 AM
Found In Egroup: Cybersecurity
We already had an internal SMTP server for connected copiers and the like. We only have 2 or 3 accounts we currently need Basic Auth on that are all SaaS providers and we are pushing it back to them to come up with a fix. One of them is the API calls into O365 (not sure if everyone is aware of that ...