Re: Information on Public website

[Amber Weishaar <aweishaar () UINDY EDU>]

We have a searchable contact directory available on our public
website. Visitors must enter at least three letters of an individual's
last name for results to be shown *unless* the user's last name is
only two characters. Then, only exact two-letter last name matches are
shown.

Each person is able to change his/her preferences for which pieces of
information are shown to the public and which are shown via our
authenticated portal.

Amber
--
Amber Weishaar
Director of Web Services
University of Indianapolis
(317) 788-3239
http://www.uindy.edu

On Nov 23, 2009, at 3:36 PM, Emery Rudolph wrote:

> Its one thing to publish department information, but quite another to
> publish an individual employees information and title. The problem
> arises when spammers, vendors, head hunters, etc have free reign to
> contact anyone at will. This is more than annoying to the employee,
> because there is no filter from these types of contacts.
>
> While some employees may conceivably benefit from such exposure
> (academic advisors) other, behind the scenes employees (system
> administrators) would be inconvenienced by students seeking classroom
> assistance, when they should be routing those issues directly to their
> professors.
>
>
> Very Best Regards,
>
> Emery Rudolph
> Director, Systems Management
> University of Maryland University College
> 301-985-7447
> http://www.umuc.edu
>
>
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Schaffer
> Sent: Monday, November 23, 2009 2:53 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Information on Public website
>
> At some point there has to be some method for persons/entities
> outside a
> university to contact persons within.  I don't really see any problem
> with
> the publication of directory information such as this.  Remember that
> Accessibility is also an important part of information security...
>
> Greg
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
> Sent: Monday, November 23, 2009 1:48 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Information on Public website
>
> I was curious to know what other Institution's policy is regarding
> publishing Administrative Staff and faculty information on the
> University's
> Public website. The information includes Name, Title, Phone #,
> Location
> and
> Division.
>
> I my opinion this should be placed behind an authenticated portal as
> it
> maybe be used for Social engineering attacks. Does anyone see
> potential
> privacy concerns ? Any other opinions ?
>
> Thanks
>
> Anand
>
> Seton Hall University.