The paragraph about faculty and their apathy towards proper PC usage hit home for me. I work for a large company (outside of academia) and am currently involved in a project that includes determining what level of access end users will have with their machines (our largest problem is spyware at this point.) I have adamantly advocated that the end users be given only local user priviliges and not be allowed administrative access. Management is concerned that we will face heavy backlash from the end users for this step.

Here's the bottom line: Allowing end users to dictate IT policy increases support costs and workload. I've taken the position that these computers are BigCompany's property, so BigCompany gets to say how they are set up and used. Similarly, the computers in use by the faculty are the college's property, and if the faculty doesn't like the way they're allowed to use the computers in question, then that's too bad. Administration wouldn't tolerate faculty cutting holes in their office walls or smashing up a lecture hall, and misusing a computer can be considered the same thing: misuse of college property. I'd suggest that college IT management could put together a cost-benefit analysis showing how much unsecured faculty machines cost a college in terms of labor and equipment each year, and bring that to the highest levels of administration, and tell them that they can save the college that much money by securing faculty computers. Dollar signs are a universal source of persuasion, and can be used to secure authority from the highest levels of management. It's a lot harder to ignore the president of a university's mandate than it is to ignore some technobabble from some help desk worker.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/267/28479#28479