Re: Staff Directory on Web

[Blake Brown <Blake.Brown () MHCC EDU>]

We moved ours behind the firewall to the Intranet a few years back due the security concerns motioned below. The damage 
was already with the previous emails exposed but it should help with newer ones.

There was some pushback from facility, but it was minor and after some conversations they understood the reasons why.

Thanks,
Blake Brown

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Sidharth Nandury 
<nandurys () DENISON EDU>
Sent: Thursday, June 24, 2021 11:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Staff Directory on Web

External Email

We had a very brief conversation about this, which sparked from one of the IT staff email being used for malicious 
purposes. We have not taken a particular action yet, but there was a conversation about using an alias email on the web 
pages, which still provides contact information and so-called "good" marketing, but also provides some buffer.

Sid

On Thu, Jun 24, 2021 at 1:56 PM Barton, Robert W. <bartonrt () lewisu edu<mailto:bartonrt () lewisu edu>> wrote:
Afternoon,

There is a little debate going here on IF our directory of employees (name, number, email, department) should be 
available to the web.  One side looks at it as we are being transparent, and it is good "marketing".  The other side is 
looking at it like we are releasing to much information (making it easier for a hacker to find targets) and making it 
easy for SPAMers.  Has anybody had this conversation before?  Anybody have an article that says one or the other?

As I search around, I'm seeing colleges/universities that go both ways.

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
1 University Parkway
Romeoville, IL  60446-2200
815-836-5663

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


--
[Denison University Logo]<https://denison.edu>

Sidharth S. Nandury (He/Him/His)
Network Engineer
Information Technology Services

100 West College Street, Granville, OH 43023<https://deniso.nu/2qF6h7M> | Fellows 003C<https://denison.edu/map>
Office: 740-587-5533 | Mobile: 516-314-4413
nandurys () denison edu<mailto:nandurys () denison edu>
https://denison.edu/campus/technology

[https://docs.google.com/uc?export=download&id=1Eg6sMK86ZSUv8EVunO0AWCQQnamf6kM7&revid=0B37SWryghdshQmd2a3ZoNUVId09jRjlFdlA0NEl4MS9WbmZrPQ]<https://denison.edu/>[https://docs.google.com/uc?export=download&id=1YAEcBNl3TCTNRAcKiu1RLyXZnnp2bzgX&revid=0B37SWryghdshS0plVVdLZ0JNYmh2NU5kMVh0TWpHMndlUXQ0PQ]

Please consider the environment before printing this email.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community