Policies

High Risk Accounts Guideline

Hendrix College, Technology Services
Policy # 12160
Effective: Monday, August 27, 2018
Purpose

The following is a list of criteria that may increase a risk rating of a Hendrix College account holder. Higher risk ratings may result in an increased sophistication of social engineering tests and an increase in frequency and/or type of security training and testing. Users who fall under the high-risk criteria may also be required to have additional security measures placed on their user accounts, such as multi-factor authentication.

Additional Authority
Scope
Responsible Party

1. Statement

The following criteria can be used to determine that a user has a high risk account:

  • Account holder email resides within a recent Email Exposure Check report
  • Account holder is an executive or VP (High value target)
  • Account holder possesses access to restricted information
  • Account holder possesses access to significant company systems
  • Account holder possesses access to information covered under applicable compliance laws or regulations
  • Account holder personal information can be found publicly on the internet
  • Account holder maintains a weak password
  • Account holder has repeated College policy violations

Revisions

Date Change
7/9/2018 Initial Draft