Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Quick Survey - How much of Faculty/Staff directory information is made public? And How?

From: Barbara Torney <bt42 () COLUMBIA EDU>
Date: Mon, 14 Jan 2008 17:39:07 -0500
We show the usual (name, title, phone, location, and email address), but since it requires a search transaction, nothing is on the site in the directory in static html. Everything is in a database.
Of course, I know that individual department pages have whatever on them, although our web editor has tried to clean them up when he comes across them. We are working on moving the departmental staff information to a query, too. (Right now you can look up a department in the directory, but it only gives you the general contact number.)
I have a feeling that most of our addresses are already out there in cyberspace, many harvested from address books via viral infections. But it's never too late to lock the barn door, eh? 

Regards, bat

--
Barbara Torney
Director, Administrative Information Services
Teachers College, Columbia University
New York, NY 10027

V: 212-678-3487
F: 212-678-3243


Quoting Chris Gauthier <cgauthie () PCC EDU>:


One organization I checked out did something very ingenious.  They have
a contact page that looks great, but has no clickable links on it.
Upon further inspection, the whole list was an image instead of HTML.
Quite clever, I thought.

Chris

James Moore wrote:
I am looking to quickly benchmark how much information about faculty and staff is made public. Our IT department, and our web governance group are united in that it should be on the web, because it always has been. People are not yet good at doing syntax like jhmiso (rat - r) rit (dOt) edu, so email address collection engines could certainly gather a lot of faculty and staff addresses off of other websites. Also, for easy navigation, it is arranged by department, so the organizational view is public too. Titles are included. Direct telephone numbers are included, as are building or street address, and often room numbers.
I originally recommended that this be classified "RIT Internal Use Only", and have IP restrictions (on campus use) or a requirement to login to get the full information from the Internet. I have looked at a couple of universities that have searches for "People" on their main page, and have found that they often contain all of the same information, and sometimes more, except for the departmental organization information. Since ours is a PDF (and you could find who is what, rather than knowing the who, and looking for them) that is another difference.
I am interested in understanding the rational behind classification and presentation of this information. I am interested as well in any stories of why people changed their classification. 

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4208 (lab)
(585) 475-7950 (fax)
"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio
Confidentiality Notice: Do the right thing. If this has the words "Confidential" or "Private" in the subject line, or similar language in the email body, or as a label on any attachment, then think. Do you know me? Did you expect to receive this? Do you recognize and work with the other addressees? If not, then you probably received this in error. Please, be respectful and courteous, and delete it immediately. Please, don't forward it to anyone. Now, wasn't that simple. Just, if you had made an error in a sensitive email, and I received it, what would you want me to do with it? 




--
Chris Gauthier, CCNA, Network+, A+
Network Administration Team
Portland Community College
Portland, Oregon

"For once you have tasted flight you will walk the earth with your eyes
turned skywards, for there you have been and there you will long to
return."
--Leonardo da Vinci
Previous By Date Next
Previous By Thread Next

Current thread: