Educause Security Discussion mailing list archives
Re: Quick Survey - How much of Faculty/Staff directory information is made public? And How?
From: "Kieper, David" <kieperd () UWGB EDU>
Date: Tue, 15 Jan 2008 08:26:15 -0600
We make available: Name, operational title, department, office location, email address, direct telephone, and mailing address. This is the same information we make available in our public printed directory. The main restriction is that in the web search form (an ASP application), the person has to put in at least a partial first and last name, and the number of hits returned to a search is limited to ten. These restrictions were put in place to limit harvesting (after we observed harvesting of email addresses by a local business). Regards, David Kieper Manager, Network and Infrastructure Services Information Technology Security Officer Information Services Division University of Wisconsin - Green Bay office: (920) 465-2238 2420 Nicolet Drive fax: (920) 465-2864 Green Bay, WI 54311-7001 USA email: kieperd () uwgb edu ________________________________ From: James Moore [mailto:jhmiso () RIT EDU] Sent: Monday, January 14, 2008 3:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Quick Survey - How much of Faculty/Staff directory information is made public? And How? I am looking to quickly benchmark how much information about faculty and staff is made public. Our IT department, and our web governance group are united in that it should be on the web, because it always has been. People are not yet good at doing syntax like jhmiso (rat - r) rit (dOt) edu, so email address collection engines could certainly gather a lot of faculty and staff addresses off of other websites. Also, for easy navigation, it is arranged by department, so the organizational view is public too. Titles are included. Direct telephone numbers are included, as are building or street address, and often room numbers. I originally recommended that this be classified "RIT Internal Use Only", and have IP restrictions (on campus use) or a requirement to login to get the full information from the Internet. I have looked at a couple of universities that have searches for "People" on their main page, and have found that they often contain all of the same information, and sometimes more, except for the departmental organization information. Since ours is a PDF (and you could find who is what, rather than knowing the who, and looking for them) that is another difference. I am interested in understanding the rational behind classification and presentation of this information. I am interested as well in any stories of why people changed their classification. Jim - - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4208 (lab) (585) 475-7950 (fax) "We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio Confidentiality Notice: Do the right thing. If this has the words "Confidential" or "Private" in the subject line, or similar language in the email body, or as a label on any attachment, then think. Do you know me? Did you expect to receive this? Do you recognize and work with the other addressees? If not, then you probably received this in error. Please, be respectful and courteous, and delete it immediately. Please, don't forward it to anyone. Now, wasn't that simple. Just, if you had made an error in a sensitive email, and I received it, what would you want me to do with it?
Current thread:
- Re: Quick Survey - How much of Faculty/Staff directory information is made public? And How? Chris Gauthier (Jan 14)
- <Possible follow-ups>
- Re: Quick Survey - How much of Faculty/Staff directory information is made public? And How? Barbara Torney (Jan 14)
- Re: Quick Survey - How much of Faculty/Staff directory information is made public? And How? Roger Safian (Jan 14)
- Re: Quick Survey - How much of Faculty/Staff directory information is made public? And How? Kieper, David (Jan 15)
- Re: Quick Survey - How much of Faculty/Staff directory information is made public? And How? Joel Rosenblatt (Jan 15)