Educause Security Discussion mailing list archives

Re: Risks of using "free" public blogs and/or wikis for class activities

From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Sat, 23 Jun 2007 22:35:05 -0500

I have a couple of thoughts on this.

1)      Data exposure - This is a common problem amongst colleges and universities (C&U), even with their own services. 
I frequently hear of C&U who have exposed personal student and employee data because an instructor put the information 
on their own publicly available web or FTP server. That said, the information is easier to find if it is only contained 
within your network and not across the Internet.

2)      Legal discovery - Let's say you receive complaints against a student or instructor for comments made on a 3rd 
party service. What do you do? Sure it isn't your server, but they were acting as a student or employee of your school. 
What if it goes to court? You could look really bad because the school didn't support the needs of the instructor or 
because the school didn't know what the instructor or students were saying on a "school endorsed" server.

I am in the process (have been for a while) of creating and enforcing policies to prevent  such issues.  I recommend 
you do the same.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
Ozarks Technical Community College


-----Original Message-----
From: "Clifford Collins" <Collinsc () FRANKLIN EDU>
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: 6/22/07 2:14 PM
Subject: [SECURITY] Risks of using "free" public blogs and/or wikis for class activities

A faculty member on our campus recently approached our IT group to have a blog and/or wiki set up to support her 
classes next month. This request was out of the blue and didn't go through normal channels (department head, planning 
committees, etc).
 
IT's response was that some thought, planning and a server were necessary to do it right and therefore more time would 
be needed to provide a supportable solution. Now the faculty member is saying she will just use one of the many "free" 
ones on the Internet.
 
I'm interested in people's view of any risks or other down-sides to such an approach. Pointers to papers, analysis and 
whatnot would be appreciated as well. Your thoughts?
 
 
Clifford A. Collins
Network Security Administrator
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"

Current thread:

Risks of using "free" public blogs and/or wikis for class activities Clifford Collins (Jun 22)
- <Possible follow-ups>
- Re: Risks of using "free" public blogs and/or wikis for class activities Cal Frye (Jun 22)
- Re: Risks of using "free" public blogs and/or wikis for class activities Valdis Kletnieks (Jun 23)
- Re: Risks of using "free" public blogs and/or wikis for class activities HALL, NATHANIEL D. (Jun 23)
- Re: Risks of using "free" public blogs and/or wikis for class activities Brad Judy (Jun 24)
- Re: Risks of using "free" public blogs and/or wikis for class activities HALL, NATHANIEL D. (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Valdis Kletnieks (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Brad Judy (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Brad Judy (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Cal Frye (Jun 25)
- Re: Risks of using "free" public blogs and/or wikis for class activities Alex Campoe (Jun 26)
- Re: Risks of using "free" public blogs and/or wikis for class activities David Gillett (Jun 26)