Re: Information on Public website

[Pete Hickey <pete () SHADOWS UOTTAWA CA>]

I think the issue is with EVERYBODY being there.

How many private companies have a complete directory of their staff?
How many Universities do?

Culture.

We have had at least one spear-phishing attempt because of this.

(The main reason I don't like it is salseman)


On Mon, Nov 23, 2009 at 01:52:32PM -0600, Greg Schaffer wrote:
> At some point there has to be some method for persons/entities outside a
> university to contact persons within.  I don't really see any problem with
> the publication of directory information such as this.  Remember that
> Accessibility is also an important part of information security...
>
> Greg
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
> Sent: Monday, November 23, 2009 1:48 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Information on Public website
>
> I was curious to know what other Institution's policy is regarding
> publishing Administrative Staff and faculty information on the University's
> Public website. The information includes Name, Title, Phone #, Location and
> Division.
>
> I my opinion this should be placed behind an authenticated portal as it
> maybe be used for Social engineering attacks. Does anyone see potential
> privacy concerns ? Any other opinions ?
>
> Thanks
>
> Anand
>
> Seton Hall University.

--
Pete Hickey                      Don't worry about the world coming to
The University of Ottawa         an end today.  It's already tomorrow
Ottawa, Ontario                  in Australia.
Canada