Educause Security Discussion mailing list archives
Re: Physical Location Security of IT Staff
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 8 Feb 2006 14:16:44 -0500
An issue that comes to mind is are they considering a cubicle farm or closed offices? As a computer security officer, I have many telephone calls with various law enforcement types that really cannot be made in an open environment. We also deal with student violations of DMCA and it would a violation of privacy if their identity were released. My shop is currently in a carded area, but there is noise about moving us - thanks to all for some good ammunition for the setup of our new place :-) Joel Rosenblatt --On Wednesday, February 08, 2006 1:56 PM -0500 Gary Flynn <flynngn () jmu edu> wrote:
Donald J Westlight wrote:smithd6 () OHIODOMINICAN EDU 02/08/06 5:59 AM >>>I am looking for information to support my position that our IT staff need to be physically located in a secured space (ie. no public access to area).Hello Dena,The main reasons to object to sharing physical (unsecured) space are: * ensuring confidentiality of personal information * costs of stolen equipment, materials, and related productivity losses * in an insecure space, physical security requirements (desks and workbenches) prevent actual work from occurring * noise (groups with different workflow often irritate eachother in close quarters: that "noise" is actually work occuring)To add a few more issues: 1) Faculty will probably require that students have access to come and go. 2) If students are allowed access, what are the chances the general public can gain access? 3) What type of elevated privilege accounts, network jacks, IP addresses, and/or wireless access points are available in the IT area? What type of confidential or sensitive data may be available on desks, conference rooms, or training rooms? 4) Will a infected laptop infect, affect, or be able to view IT subnets and their associated elevated access?Here at ohsu.edu all of our IT staff are behind cardlock and it simplifies a great deal.We are too. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Joel Rosenblatt, Senior Security Officer & Windows Specialist, CUIT Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel - You can't spell seCUrITy without CUIT
Current thread:
- Physical Location Security of IT Staff Smith, Dena (Feb 08)
- <Possible follow-ups>
- Re: Physical Location Security of IT Staff Donald J Westlight (Feb 08)
- Re: Physical Location Security of IT Staff Gary Flynn (Feb 08)
- Re: Physical Location Security of IT Staff Joel Rosenblatt (Feb 08)