Educause Security Discussion mailing list archives
Re: Physical Location Security of IT Staff
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 8 Feb 2006 13:56:16 -0500
Donald J Westlight wrote:
smithd6 () OHIODOMINICAN EDU 02/08/06 5:59 AM >>>I am looking for information to support my position that our IT staff need to be physically located in a secured space (ie. no public access to area).Hello Dena,
The main reasons to object to sharing physical (unsecured) space are: * ensuring confidentiality of personal information * costs of stolen equipment, materials, and related productivity losses * in an insecure space, physical security requirements (desks and workbenches) prevent actual work from occurring * noise (groups with different workflow often irritate eachother in close quarters: that "noise" is actually work occuring)
To add a few more issues: 1) Faculty will probably require that students have access to come and go. 2) If students are allowed access, what are the chances the general public can gain access? 3) What type of elevated privilege accounts, network jacks, IP addresses, and/or wireless access points are available in the IT area? What type of confidential or sensitive data may be available on desks, conference rooms, or training rooms? 4) Will a infected laptop infect, affect, or be able to view IT subnets and their associated elevated access?
Here at ohsu.edu all of our IT staff are behind cardlock and it simplifies a great deal.
We are too. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Physical Location Security of IT Staff Smith, Dena (Feb 08)
- <Possible follow-ups>
- Re: Physical Location Security of IT Staff Donald J Westlight (Feb 08)
- Re: Physical Location Security of IT Staff Gary Flynn (Feb 08)
- Re: Physical Location Security of IT Staff Joel Rosenblatt (Feb 08)