Educause Security Discussion mailing list archives

Looking for consesus

From: "Chad McDonald, CISSP" <chad.mcdonald () GCSU EDU>
Date: Thu, 3 Aug 2006 09:14:47 -0400

I have been asked to provide realtime information pertaining to who
has access to various systems across campus.  We require the data
owner to sign off on who has access to the systems, so I was
considering publishing on the web a list of names (NOT usernames)
correlating to the systems to which they have access.  I don't see a
need to publish the level of access or any other data than system
name and user's name.  I am torn between providing the easy access to
the data owners and the benefits that access provides and the risk of
making it know who has access to which system.  Any thoughts that you
may have will be appreciated.

Thanks,
Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
Office  478.445.4473
Cell    478.454.8250

Current thread:

Looking for consesus Chad McDonald, CISSP (Aug 03)
- <Possible follow-ups>
- Re: Looking for consesus Valdis Kletnieks (Aug 03)
- Re: Looking for consesus David Gillett (Aug 03)
- Re: Looking for consesus Waller, Michael A. (HSC) (Aug 03)
- Re: Looking for consesus David L. Rotman (Aug 03)