Educause Security Discussion mailing list archives
Quick Survey - How much of Faculty/Staff directory information is made public? And How?
From: James Moore <jhmiso () RIT EDU>
Date: Mon, 14 Jan 2008 16:01:44 -0500
I am looking to quickly benchmark how much information about faculty and staff is made public. Our IT department, and our web governance group are united in that it should be on the web, because it always has been. People are not yet good at doing syntax like jhmiso (rat - r) rit (dOt) edu, so email address collection engines could certainly gather a lot of faculty and staff addresses off of other websites. Also, for easy navigation, it is arranged by department, so the organizational view is public too. Titles are included. Direct telephone numbers are included, as are building or street address, and often room numbers. I originally recommended that this be classified "RIT Internal Use Only", and have IP restrictions (on campus use) or a requirement to login to get the full information from the Internet. I have looked at a couple of universities that have searches for "People" on their main page, and have found that they often contain all of the same information, and sometimes more, except for the departmental organization information. Since ours is a PDF (and you could find who is what, rather than knowing the who, and looking for them) that is another difference. I am interested in understanding the rational behind classification and presentation of this information. I am interested as well in any stories of why people changed their classification. Jim - - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4208 (lab) (585) 475-7950 (fax) "We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio Confidentiality Notice: Do the right thing. If this has the words "Confidential" or "Private" in the subject line, or similar language in the email body, or as a label on any attachment, then think. Do you know me? Did you expect to receive this? Do you recognize and work with the other addressees? If not, then you probably received this in error. Please, be respectful and courteous, and delete it immediately. Please, don't forward it to anyone. Now, wasn't that simple. Just, if you had made an error in a sensitive email, and I received it, what would you want me to do with it?
Current thread:
- Quick Survey - How much of Faculty/Staff directory information is made public? And How? James Moore (Jan 14)