Educause Security Discussion mailing list archives

Quick Survey - How much of Faculty/Staff directory information is made public? And How?


From: James Moore <jhmiso () RIT EDU>
Date: Mon, 14 Jan 2008 16:01:44 -0500

I am looking to quickly benchmark how much information about faculty and
staff is made public.  Our IT department, and our web governance group
are united in that it should be on the web, because it always has been.
People are not yet good at doing syntax like jhmiso (rat - r) rit (dOt)
edu, so email address collection engines could certainly gather a lot of
faculty and staff addresses off of other websites.  Also, for easy
navigation, it is arranged by department, so the organizational view is
public too.  Titles are included.  Direct telephone numbers are
included, as are building or street address, and often room numbers. 

 

I originally recommended that this be classified "RIT Internal Use
Only", and have IP restrictions (on campus use) or a requirement to
login to get the full information from the Internet.  I have looked at a
couple of universities that have searches for "People" on their main
page, and have found that they often contain all of the same
information, and sometimes more, except for the departmental
organization information.  Since ours is a PDF (and you could find who
is what, rather than knowing the who, and looking for them) that is
another difference. 

 

I am interested in understanding the rationale behind classification and
presentation of this information.  I am interested as well in any
stories of why people changed their classification.

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4208 (lab)
(585) 475-7950 (fax)



"We will have a chance when we are as efficient at communicating
information security best practices, as hackers and criminals are at
sharing attack information"  - Peter Presidio

Confidentiality Notice:  Do the right thing.  If this has the words
"Confidential" or "Private" in the subject line, or similar language in
the email body, or as a label on any attachment, then think.  Do you
know me?  Did you expect to receive this?  Do you recognize and work
with the other addressees?  If not, then you probably received this in
error.  Please, be respectful and courteous, and delete it immediately.
Please, don't forward it to anyone. 

Now, wasn't that simple.  Just, if you had made an error in a sensitive
email, and I received it, what would you want me to do with it? 

 

