Re: Email and IAM directory separation

[Jeff Choo <jeff_choo () WILLIAMJAMES EDU>]

I agree with Mark since we are kind of on the same boat.  I am assuming all of your students will be working in 
healthcare eventually?  Better make your students get use to the hospital level security and HIPAA now during the 
classes versus later when they are doing practicum/internship.  I think of it as job training for students.

Regards

Jeff Choo - Director, Information Technology | Information Security Officer
William James College
One Wells Avenue, Newton, MA 02459
Helpdesk: 617-327-6777 x1600
Direct: 617-564-9344
Email: jeff_choo () williamjames edu



From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jones, Mark B
Sent: Tuesday, April 17, 2018 3:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email and IAM directory separation

Those are good arguments, but you will be bailing water out of that sinking boat until you retire.

You will have a significant amount of crossover where faculty and even students can also be clinicians.  Then you have 
to decide if you will put them with one group or the other.  Neither decision will make them happy.  You might want 
them to use two different email addresses, but they won't.  you will get clinical mail on the education side no matter 
how you try to keep them separate.

Just raise the bar for both and keep it all together and simple.

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Bennett, Daniel
Sent: Tuesday, April 17, 2018 2:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Email and IAM directory separation

All,

I left higher ed and went to healthcare a few years back.  Now our health system owns a College.  The topic of email 
and active directory has come up a few times.  I would like feedback from those of you working for universities with a 
healthcare element and the approach you all have taken.  My thought is our higher education and clinical businesses 
should remain separate since the level of trust, regulation, and security are different for both sectors.  We should 
not house the email from our students & faculty at the College in the same environment as that of our clinicians and 
healthcare administration.

Thoughts?

Thanks,

Daniel Bennett
Enterprise Cybersecurity Architect
CISSP, ISSAP, ITIL

Information Security Office
100 N Academy Ave, Danville, PA 17822-2290
MC30-02
(w) 570-214-1685
[cid:image001.png@01D3BA15.F8CDC1F0]<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2furldefense.proofpoint.com%2fv2%2furl%3fu%3dhttp-3A__www.geisinger.org_%26d%3dDwMFAg%26c%3d6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ%26r%3djgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Zpblz7C5LhM%26m%3dLZFy9Agzb64ERitcli9f0c4tVBQMxrDCVZ7L1sTRlMY%26s%3d8i-NVaGZW7d23lCG6t7b993wjHBjeLx2Eg6By3LXHf8%26e%3d&c=E,1,Cy-J8i86dxc_qGEbelsh3iprO7NwqK57YHUhbgLPc60Y79ZspsdclxwXXhdxofUls8Wa6dkYI9RhRctvk5PWZmb4jvDvo3poAmkKAam2ceij&typo=1>


________________________________

IMPORTANT WARNING: The information in this message (and the documents attached to it, if any) is confidential and may 
be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. 
If you are not the intended recipient, any disclosure, copying, distribution or any action taken, or omitted to be 
taken, in reliance on it is prohibited and may be unlawful. If you have received this message in error, please delete 
all electronic copies of this message (and the documents attached to it, if any), destroy any hard copies you may have 
created and notify me immediately by replying to this email. Thank you. Geisinger Health System utilizes an encryption 
process to safeguard Protected Health Information and other confidential data contained in external e-mail messages. If 
email is encrypted, the recipient will receive an e-mail instructing them to sign on to the Geisinger Health System 
Secure E-mail Message Center to retrieve the encrypted e-mail.

This message may contain confidential information intended only for the individual named. If you received this message 
by mistake, please let the sender know by e-mail reply and delete it from your system. If you are not the intended 
recipient you are hereby notified that disclosing, copying, distributing or taking any action in reliance on the 
contents of this information is strictly prohibited.