Re: Email and IAM directory separation

["Davis, Chris" <CDavis () LOURDES EDU>]

Could not agree more – the more segregation the better.  It really simplifies the HIPAA aspect of email as you can deal 
with both environments different and scale the cost accordingly.

Chris

Christopher Davis, Ph.D.
Chief Information Officer
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

CyberAware – Be aware. Stay Secure.
Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that 
asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security 
numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu<mailto:infosec () lourdes edu>. For 
more information please visit lourdes.edu/cyberaware<http://lourdes.edu/cyberaware>.

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) 
and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not 
the intended recipient of this message or their agent, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and any attachments. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its 
attachments is strictly prohibited.


From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Bennett, 
Daniel" <00000061b05c90f6-dmarc-request () LISTSERV EDUCAUSE EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, April 17, 2018 at 3:18 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Email and IAM directory separation

All,

I left higher ed and went to healthcare a few years back.  Now our health system owns a College.  The topic of email 
and active directory has come up a few times.  I would like feedback from those of you working for universities with a 
healthcare element and the approach you all have taken.  My thought is our higher education and clinical businesses 
should remain separate since the level of trust, regulation, and security are different for both sectors.  We should 
not house the email from our students & faculty at the College in the same environment as that of our clinicians and 
healthcare administration.

Thoughts?

Thanks,

Daniel Bennett
Enterprise Cybersecurity Architect
CISSP, ISSAP, ITIL

Information Security Office
100 N Academy Ave, Danville, PA 17822-2290
MC30-02
(w) 570-214-1685
[cid:image001.png@01D3BA15.F8CDC1F0]<http://www.geisinger.org/>


________________________________

IMPORTANT WARNING: The information in this message (and the documents attached to it, if any) is confidential and may 
be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. 
If you are not the intended recipient, any disclosure, copying, distribution or any action taken, or omitted to be 
taken, in reliance on it is prohibited and may be unlawful. If you have received this message in error, please delete 
all electronic copies of this message (and the documents attached to it, if any), destroy any hard copies you may have 
created and notify me immediately by replying to this email. Thank you. Geisinger Health System utilizes an encryption 
process to safeguard Protected Health Information and other confidential data contained in external e-mail messages. If 
email is encrypted, the recipient will receive an e-mail instructing them to sign on to the Geisinger Health System 
Secure E-mail Message Center to retrieve the encrypted e-mail.