Re: Protecting helpdesk instruction sheets

["Taube, Dan" <djtaube () ILSTU EDU>]

We have public and restricted KBs. There is a release process that knowledge creators in any team can recommend any 
given article to be public. Our support center then has a team that will review, clean, and release such articles when 
appropriate.



You can see an example of our user KB here: https://ithelp.illinoisstate.edu



We have started taking a further step where there is a public facing article that has secured content in it. An example 
is where we want a public article for awareness, but restrict details that might create a security exposure.



You can see an example of that approach here: 
https://docs.illinoisstate.edu/informationsecurity/topics/other-documents/fy19-it-specific-audit-finding-report



Dan

Illinois State University



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Nadim El-Khoury
Sent: Thursday, February 4, 2021 5:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Protecting helpdesk instruction sheets



[This message came from an external source. If suspicious, report to abuse () ilstu edu<mailto:abuse () ilstu edu>]

Hi Jim,



I always used IU KB knowledge as the model to follow. 
https://kb.iu.edu/<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkb.iu.edu%2F&data=04%7C01%7C%7C071f428b243a4cc6d40f08d8c9631498%7C085f983a0b694270b71d10695076bafe%7C1%7C0%7C637480774669250475%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Y0kQBZPXhjn0Q0zL9ysmEfvfHtLPZs9%2F%2FULprah5N5A%3D&reserved=0>



Best,



Nadim



On Thu, Feb 4, 2021 at 6:13 PM Gramke, Jim <0000018b95783deb-dmarc-request () listserv educause 
edu<mailto:0000018b95783deb-dmarc-request () listserv educause edu>> wrote:

   Hey all,

   Who here has their helpdesk self-help knowledge pages protect by password?   (ie, not available to the general 
public)

   Ours are available from anywhere, but one must authenticate to view them --- just to make it harder for a would be 
attacker to do recon against us and learn of internal structures, products, and protocols in use.    However there is 
now a request to make ours public as well.

   Just wondering what you all do with this.

   Thanks,

   Jim Gramke
   College of St. Benedict, St. John's University


   **********
   Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C071f428b243a4cc6d40f08d8c9631498%7C085f983a0b694270b71d10695076bafe%7C1%7C0%7C637480774669260436%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2F%2Bw8eWCuxu1LRYOOFGVn5e0paB8jxtf8jHcZysu%2BRGY%3D&reserved=0>

   **********
   Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7C%7C071f428b243a4cc6d40f08d8c9631498%7C085f983a0b694270b71d10695076bafe%7C1%7C0%7C637480774669260436%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2F%2Bw8eWCuxu1LRYOOFGVn5e0paB8jxtf8jHcZysu%2BRGY%3D&reserved=0>


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community