Educause Security Discussion mailing list archives

Re: Physical Location Security of IT Staff

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 8 Feb 2006 14:16:44 -0500

An issue that comes to mind is are they considering a cubicle farm or closed offices?  As a computer security officer, 
I have many telephone calls with various
law enforcement types that really cannot be made in an open environment.  We also deal with student violations of DMCA 
and it would a violation of privacy if
their identity were released.

My shop is currently in a carded area, but there is noise about moving us - thanks to all for some good ammunition for 
the setup of our new place :-)

Joel Rosenblatt

--On Wednesday, February 08, 2006 1:56 PM -0500 Gary Flynn <flynngn () jmu edu> wrote:

Donald J Westlight wrote:

smithd6 () OHIODOMINICAN EDU 02/08/06 5:59 AM >>>


I am looking for information to support my position that our IT staff need to be physically located in a secured space 
(ie. no public access to area).




Hello Dena,

The main reasons to object to sharing physical (unsecured) space are:
* ensuring confidentiality of personal information
* costs of stolen equipment, materials, and related productivity losses
* in an insecure space, physical security requirements (desks and workbenches) prevent actual work from occurring
* noise (groups with different workflow often irritate eachother in close quarters: that "noise" is actually work 
occuring)


To add a few more issues:

1) Faculty will probably require that students have access to come
    and go.

2) If students are allowed access, what are the chances the general
    public can gain access?

3) What type of elevated privilege accounts, network jacks, IP
    addresses, and/or wireless access points are available in the
    IT area? What type of confidential or sensitive data may
    be available on desks, conference rooms, or training rooms?

4) Will a infected laptop infect, affect, or be able to view
    IT subnets and their associated elevated access?

Here at ohsu.edu all of our IT staff are behind cardlock and it simplifies a great deal.


We are too.


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security




Joel Rosenblatt, Senior Security Officer & Windows Specialist, CUIT
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel - You can't spell seCUrITy without CUIT

Current thread:

Physical Location Security of IT Staff Smith, Dena (Feb 08)
- <Possible follow-ups>
- Re: Physical Location Security of IT Staff Donald J Westlight (Feb 08)
- Re: Physical Location Security of IT Staff Gary Flynn (Feb 08)
- Re: Physical Location Security of IT Staff Joel Rosenblatt (Feb 08)