From The University of Akron Support Wiki
Revision as of 03:35, 3 September 2007 by Cjc24 (Talk | contribs)

Jump to: navigation, search


Training Documentation on PointSec

Security and protection of sensitive information is more critical today than ever before. The University of Akron has between 5-10 faculty/staff laptops "lost" each year.

In order to protect The University of Akron and personal sensitive information, the Information Technology Security Committee (ITSC) requires that Whole Hard Disk Encryption software be installed on faculty and staff laptops.

Whole hard drive encryption protects data on a computer from access if it is stolen. Encryption software is another layer in The University of Akron overall security plan.

Encryption is the process of using advanced algorithms to convert data to a form that is indistinguishable from random data without the key.

After an exhaustive review, Information Technology Services identified Pointsec data encryption software as the product that best meets the University’s needs.

For information about the encryption software, visit http://pointsec.com


The deployment of whole disk encryption is the result of a request by the Information Technology Security Policy Committee (ITSPC).

ITSPC is responsible to the Office of the Provost. One of the committee’s tasks is the improvement of the security of sensitive data at The University of Akron. The Cost for Loss of Confidential Information When sensitive or confidential information is lost or stolen, the cost be devastating both in terms of dollars and public trust.

Ohio University estimates it will spend over $8 million because of their security breach.

The Veterans Administration spent $4 million dollars just to notify affected veterans when data was compromised.

The University of Texas experiences a large drop in the number of applications after a security breach.

Insurance to cover the notification cost of a data breach would be $90,000 a year.

The Gartner group estimates the direct costs of a security breach is a $79 per name. If 10,000 names are compromised, that’s $790,000. If 100,000 names, it’s $7.9 million.

By encrypting its computers, The University of Akron is taking a major step toward ensuring the security of its data and mitigating the damaging effects of a security breach.

Benefits of Using Encryption Software

  • Regulatory compliance. Using the data encryption software places The University of Akron in compliance with legal requirements for the protection of sensitive data.
  • Improved data security. This software will provide a substantial increase in the security of sensitive data such as student grades and information stored on faculty members laptops.
  • Cost Savings. If a laptop with encryption software is lost and it is has sensitive data on it, the University does not need to notify the individuals whose information is on the laptop because the data is not compromised.

Password Reset Policy

In order to ensure the security of sensitive date, the following policy will be followed by the Support Desk when resetting a password. For normal situations, users who have forgotten their encryption password:

  1. Must come to the Support Desk in person.
  2. Present a photo ID.
  3. Support Desk will verify the name on the ID against the laptop-ownership database.(\\fp1\IS Public\Technology Learning Support Center\Pointsec)
  4. If they match, the Support Desk will allow the user to reset the password through the challenge/response system.

If it is an emergency and the user cannot get to the helpdesk:

  1. User will set up a conference call with their manager or departmental secretary and the Support Desk.
  2. The manager/departmental secretary will verify for the Support Desk that the user is supposed to have access to the computer.
  3. The Support Desk will then allow the user to reset the password through the challenge/response system.

In some cases the user may not know their PointSec password because they never went through the initial setup. If a user has never been able to get past the PointSec Logon screen, have them try to login with:

  • Username: firstuse
  • Password: gozips1

note: After the first login with this ID, the user will be forced to create a new username/password. This "firstuse" account will no longer function. This new username and password only applies to that particular machine

Password Requirements and Expiration

Passwords expire every 120 days and need to be changed. Passwords are required to be at least 7 characters long, with at least one letter, one number, and one capital letter.