Re: Physical Location Security of IT Staff

[Gary Flynn <flynngn () JMU EDU>]

Donald J Westlight wrote:

> > > > smithd6 () OHIODOMINICAN EDU 02/08/06 5:59 AM >>>
> >
> > I am looking for information to support my position that our IT staff need to be physically located in a secured space 
> > (ie. no public access to area).
>
>
>
> Hello Dena,

> The main reasons to object to sharing physical (unsecured) space are:
> * ensuring confidentiality of personal information
> * costs of stolen equipment, materials, and related productivity losses
> * in an insecure space, physical security requirements (desks and workbenches) prevent actual work from occurring
> * noise (groups with different workflow often irritate eachother in close quarters: that "noise" is actually work 
> occuring)

To add a few more issues:

1) Faculty will probably require that students have access to come
   and go.

2) If students are allowed access, what are the chances the general
   public can gain access?

3) What type of elevated privilege accounts, network jacks, IP
   addresses, and/or wireless access points are available in the
   IT area? What type of confidential or sensitive data may
   be available on desks, conference rooms, or training rooms?

4) Will a infected laptop infect, affect, or be able to view
   IT subnets and their associated elevated access?


> Here at ohsu.edu all of our IT staff are behind cardlock and it simplifies a great deal.

We are too.


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security