Main Nav

Participate in this Group

Search This Group

UCCS Job Posting: IT Security Analyst
October 16, 2012 | Listserv Anonymous User
Message from gwillia5@uccs.edu

Colleagues, the University of Colorado Colorado Springs is looking for an IT Security Analyst.  UCCS is one of the fastest growing universities in the country with 9,850 students enrolled this fall and 15,000 to 17,000 expected by 2020.

 

Short description: To assist the IT Security Principal in the development, monitoring, and enforcement of security policy and baseline standards to ensure that the University of Colorado Colorado Springs maintain confidentiality, integrity, and availability of university systems. 

 

Examples of Work Performed 
- Leverage various resources (NIDS, HIDS, netflow, SCCM, etc) to identify and remediate potential security issues 
- Assist in risk assessments, security incidents and investigations 
- Assist in...

1 Comment
Part 352 - Federal Government Contractual Security Provisions
October 14, 2012 | Chris Kidd
We have several departments that have entered into contracts with Health and Human Services and other federal agencies. The contracts require compliance with Part 352.239-70-73 (http://www.hhs.gov/policies/hhsar/subpart352-30s.html). The Contracting Officers from the federal government are now asking for the documentation associated with compliance. I'm hoping others have had the opportunity to respond to similar language. If so, could I bounce a few questions off of you privately? Or - even better - let me know if you are willing to share any documentation or checklists! Regards, Chris Kidd Chief Information Security and Privacy Officer University of Utah and University of Utah Health Sciences 650 Komas Suite 102 Salt Lake City, UT 84108 office 801.587.9241 cell 801.747.9028
0 Comments
Cyber Security Survey (2nd Announcement)
October 11, 2012 | Listserv Anonymous User
Message from nxg13@psu.edu

Colleagues on the EDUCAUSE Security List,

 

This is a second announcement.  My apologies for reposting, but we’re looking for as many responses as we can get to the survey.  We’ll re-post this one or two more times before we close the survey.  I am hoping that you might take a few minutes to complete a survey about your experience in cyber security.  Below is the link to the survey and the official recruiting email:

 

https://asu.qualtrics.com/SE/?SID=SV_djazpvhXqgAa8wR

 

You are being asked to participate in a survey research project entitled “Cyber Security Task Analysis” which is being conducted...

1 Comment
SMTP attacks, anyone ?
October 10, 2012 | Listserv Anonymous User
Message from advax@triumf.ca

In the last few months on two occasions we've had a user's email credentials compromised and used to send spam via SMTP. We have a Postfix mail relay where users can authenticate via SASL to send mail from offsite, and this was what was used. There was no obvious trace of a dictionary attack; it seems the attackers knew a password somehow and then proceeded to use it from a couple of hundred different client addresses around the world (which themselves appear to be SMTP servers, rather than home PCs). Both the users in question deny "risky network behaviour" and are fairly clueful - would not fall for phishing, do not frequent cybercafes etc. Their passwords (now changed of course) were robust enough not to fall to a few hours of "John the Ripper" so I doubt they were trivially guessed. I wondered if anyone else had seen this kind of abuse. Right now it's not a serious problem, but of course if we've got unexplained compromises I...
4 Comments
EDUCASE Cybersecurity Survey from IU CACR Fellow
October 9, 2012 | Scott Shackelford
Dear EDUCASE Security Colleagues, My name is Scott Shackelford, and I am an Assistant Professor of Business Law and Ethics at the Indiana University, Kelley School of Business as well as being a fellow at the Center for Applied Cybersecurity Research (CACR). I would like to invite you to participate in a survey measuring cyber risk assessment. This study will be used as part of a white paper on comparative cyber risk mitigation strategies that will eventually be published in the Stanford Journal of International Law. These results will also help inform an upcoming conference at Indiana University co-sponsored by the CACR and the Kelley School of Business on cyber risk assessment in the private sector. Survey Link: http://www.surveymonkey.com/s/ZSW6JF2. What is this research about? This research was born from my manuscript, Managing Cyber Attacks in...
0 Comments
[SECURITY]
October 9, 2012 | Nicholas M. Tella
Sincerely, Nicholas M. Tella Information Security Manager Information Security Services (ISS) Johnson & Wales University Nicholas.Tella@jwu.edu 401-598-3030 Sent from my iPad
0 Comments
Results: Public vs. Private IP Address Survey
October 8, 2012 | Michael G. Carr

In late August, I developed a simple SurveyMonkey and asked a few questions about Private vs. Public IP Addresses (to see if any consistent thread could be gleaned.)  The responses follow:

 

 

 

 

 

 

 

Question 5 - If you have any College/Dept IT Mgrs, faculty or researchers who have insisted on keeping/maintaining public IP addresses, what were their reasons?

 

Other (responses)

 

...

2 Comments
Revel POS System
October 8, 2012 | Rad Taylor
Siena College is investigating the purchase of one or two iPad based  point of sale systems from Revel Systems. What has your experience been?  Any security issues we should be aware of?  Any PCI compliance issues?  If so, please advise. 
 
Thanks.
 
---
 
Rad Taylor
ITS/Information Security
Siena College
 
 
 
 
 
0 Comments
Systems Programmer/Compliance Specialist Position
October 8, 2012 | Michael Natale

For all who are interested, Wright State has an open for a System Programmer/Compliance Specialist:  https://jobs.wright.edu/postings/5837

 

Regards,

Mike

 

Michael Natale, CISSP

Manager, Information Security

Computing and Telecomm Services

Wright State University

937-775-3910 (voice)

937-775-4049 (fax)

 

0 Comments
McAfee preventing Windows 7 logons
October 8, 2012 | Robert J. Smith
We are experiencing what appears to be a growing problem with Windows 7 and McAfee 8.8 preventing logons via AD.  There isn’t much information to provide since we have been unable to see any logged activity either in Windows or in the McAfee logs to help diagnose the problem, yet when we disable the Access Protection feature the logons will proceed normally.  The other odd behavior we are seeing is that this seems to only affect new users/logons.  For example, existing users who had successfully logged on to the computer previously (either prior to installing or upgrading to McAfee 8.8) do not have the problem.  We believe that McAfee (or something else?) is preventing the creation of new profiles in the c:\users directory.
 
Some of the workarounds being used are safe mode booting, let the user logon (basically creates the profile), and then reboot in normal mode after the profile is created on the computer.  We also...
4 Comments
VMWare Fusion for SANS Classes
October 8, 2012 | Gary Flynn
Anyone had problems with or used VMWare Fusion for SANS classes? I'm particularly interested in the SEC508 Metasploit class. thanks, -- Gary Flynn Security Engineer James Madison University
2 Comments
It's a GO: Registration is OPEN for SANS LEG 523 Law of Data Security and Investigations
October 5, 2012 | Beth Binde
We've gotten the minimum headcount -- SANS LEG 523 is a GO! Rutgers University in partnership with NJEdge.Net will host SANS LEG523: Law of Data Security and Investigations. Remote Access discounted price for EDU & GOV: $1,415 Register here for remote participation: https://www.sans.org/registration/ivc.php?lid=29839 Full course description: https://www.sans.org/security-training/law-data-security-investigations-... Speaker bio: http://www.sans.org/instructors/benjamin-wright Please feel free to contact me...
0 Comments
Local Administrator password change for many computers
October 5, 2012 | Jason Gates
Has anyone come across a good method for changing local administrator passwords on many computers?
I've looked into:
pspasswd from sysinternals
group policy preferences
SCCM scripts

I'm not impressed with how GPP obfuscates the password, scripts are insecure(?) and pspasswd is not very ellegant since it requires the computer to be alive at the time its run.
Any other ideas?
--
Jason Gates
IT Security Consultant
Southern Adventist University

4 Comments
Today's E-Live Webinar with Dave Cullinane
October 4, 2012 | Valerie M. Vogel
Security Awareness and Communication in the C-Suite

Don’t forget to join us for today’s webinar with Dave Cullinane. We begin at 1 pm ET!

 

·        Go to the Adobe Connect website: https://educause.adobeconnect.com/live

·        Select “Enter as a Guest”

·        Enter in your first and last name, as well as your organization, in the “Name” field

 

Thank you,

Valerie

 

0 Comments
Automatic timeout to locking screensaver
October 4, 2012 | David A. Curry
Greetings,

I'm trying to make the case for implementing a mandatory locking screensaver on our office workstations/laptops (faculty and administrative staff). It would be done in the usual way: after some period (15, 20, 30 minutes TBD) of idle time, the system would invoke the screen saver, and to restore the screen and continue working, the user would have to enter his or her password. Reaction has been mixed (as I expected), and the usual question has come up: "well, what do other universities do?"

So....
  1. Do you implement a mandatory locking screen saver on your staff and/or faculty computers?
  2. If so, do you do so for all staff/faculty, or just certain groups (and what are those groups)?
  3. If so, how long is your timeout before the screensaver starts?

Thanks,

--Dave


--

DAVID A. CURRY, CISSP • DIRECTOR OF...

6 Comments
EmergingThreats.net
October 4, 2012 | Andrea Di Fabio

Experts,

 

We have been using the following for many years now http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt on our border CISCO ASA firewalls with great success and little to no issues. A script pulls the new list, compares it with the old one and applies the delta.  We are currently switching to PaloAlto FWs and it appears that scripting/importing this large list may not be as easy as it was with the ASA.

 

Can those of you who use the ET list with PaloAlto give us some feedback/scripts/API on how you implemented it? We are also considering moving it to our border CISCO router either as an ACL or as a Null route, any feedback with the latter and/or scripts you may be using? My primary concern with using Null route is...

6 Comments
Dozens of Universities Hacked by Team Ghostshell (Project Westwind)
October 4, 2012 | Listserv Anonymous User
Message from nxg13@psu.edu

I’m sure you’ve all heard, but in case you have not, dozens of universities across the globe have been hacked into by hactivists from a group called Team Ghostshell. You will want to check to see if your organization has been affected.

 

articles.philly.com/2012-10-03/news/34240286_1_penn-officials-twitter-university

The University of Pennsylvania was among dozens of universities worldwide that were hacked and had student and employee records posted online this week.

Penn officials issued an email Wednesday confirming the breach, which they said was limited in scope.

"Fortunately, no sensitive information that could result in identify theft, such as Social Security numbers, PennKey passwords, bank...

0 Comments
Two (2) Information Security Analyst Positions at The University of Texas at Austin
October 3, 2012 | Charles Scott
The Information Security Office at the University of Texas at Austin has two openings for Information Security Analysts to be part of our Risk Management team. This team performs network vulnerability assessments, application vulnerability assessments, and risk assessments for departments, colleges, schools, and research units on campus. It is primarily a technical position with a dash of policy/compliance/awareness work. Additional information can be found here: https://utdirect.utexas.edu/apps/hr/jobs/nlogon/120929019326 Thank you, Charlie -- Charlie Scott, CISSP, GSEC, GCIH, GWAPT, GCIA Assistant Information Security Officer Information Security Office The University of Texas at Austin 512-475-9482 "Securus * Vigilare * Insanus"
0 Comments
Public Use VLAN (x-posted to netman listserv)
October 2, 2012 | Allen Wood

As much as I hate it, I’ve been told to setup an open wireless network for our campus.  I created a vlan with access lists that deny  all traffic to inside our network, and created the open SSID to put on it.  Traffic can flow freely now from the open wireless to the internet.

 

However, I’m using a public DNS for the clients and they’re unable to reach our locally hosted (NAT’d) web servers.  We’re currently using a Cisco ASA at the edge of our network which does all of our NAT’ing.  I could open up the VLAN access list a bit and allow them access to our internal DNS & web servers, but I’d rather not.

 

Has anyone run into this issue before?  What’s the “best practices” at this point… other than removing the public network in...

7 Comments
Cyber Security Survey
October 2, 2012 | Listserv Anonymous User
Message from nxg13@psu.edu

Colleagues on the EDUCAUSE Security List,

 

I am hoping that you might take a few minutes to complete a survey about your experience in cyber security.  Below is the link to the survey and the official recruiting email:

 

https://asu.qualtrics.com/SE/?SID=SV_djazpvhXqgAa8wR

 

You are being asked to participate in a survey research project entitled “Cyber Security Task Analysis” which is being conducted by Dr. Nancy Cooke, faculty; Michael Champion, Shree Jariwala, and Prashanth Raijivan, Genevieve Dube, graduate researchers, at Arizona State University and Dr. Michael McNeese, faculty, Nick Giacobe, graduate researcher, at the...

1 Comment
Questions/thoughts around outsourcing guest wireless)
August 11, 2012 | Jeffrey I. Schiller
I have run into two interesting use cases. The first is the obvious, providing access to people on campus who do not normally have access to our "regular" wireless network (which will soon require authentication, etc. etc.). The second one is the use case where you need guests to interact closely with faculty and staff. For example the laptop of a visiting researcher who is collaborating closely with a particular faculty member (or lab). For example in the lab they may need to be on the same subnet as the affiliated people. Now for a long term visitor, they can presumably be granted credentials and become effectively a part of the community. But there is also the short term (aka a weekend) case. Another way to look at it is that some guests just need access to the Internet while others need access to the network at the institutions and these are subtly different. -Jeff
3 Comments
Combating directory harvests
July 19, 2012 | Tyler Schoenke
I am wondering what other schools are doing to combat LDAP directory harvests. We are constantly hit with phishing campaigns. While some email addresses are grabbed via web searches, malware reading address books, or other means, I suspect email directory harvests account for a large percentage of the addresses used in phishing campaigns. Some ideas we have tossed around for limiting the harvests are: - Only allow email look-ups to campus address space and campus VPN. - Rate limit using a firewall or IDP to block an IP address for specific period of time if connection attempts are made too rapidly. - Rate limit at the web server that interfaces into the LDAP server. Only allow a specific number of queries per source IP address per time period. - Use a Captcha to reduce the number of automated queries. - Reduce the number of results returned. Instead of 100 rows, return 5 closest matches. - Require a valid email address to run the query. Block email accounts from anonymous...
3 Comments
SecureDoc
July 17, 2012 | Pebby Garner

Hi,

Here at University of Texas at San Antonio, we are deploying SecureDoc soon.  We are looking for someone who would be able to come to our campus for WinMagic support as we are deploying this solution.  Is there anyone that has experience with installing and supporting SecureDoc and would be willing to come to UTSA as a paid consultant for a time period that could be as long as six weeks?

 

--

Pebby Garner
Office of Information Security (OIS)
The University of Texas at San Antonio

 

3 Comments
Assessing SharePoint Security
May 31, 2012 | Dan Woodruff

SharePoint is used heavily as a collaboration tool and documentation repository in our environment, and we are trying to determine the best approach to take to assess its security. One activity we would like to perform is to scan document repository content for sensitive data. Since the backend for SharePoint is a database, we’d have to figure out a way to extract the documents to flat files so they could be examined en masse. Are there any tools that will automate the extraction?

 

Other than assessing the application to standards and policies, how are other schools assessing SharePoint? Are you performing any kind of technical assessment such as a penetration test and if so, has it been a valuable (actionable) exercise? I fear performing a web application penetration test of such a dynamic and complex application would be a daunting task with little valuable output.

...
3 Comments
FTK image mounting question & Mobile Devices
May 2, 2012 | James H. Moore
Accessdata is still looking for the answer to this question – can FTK mount non-Windows (hfs+, UFS, ext2, ext3, and mobile device) filesystems as Windows partitions?

The situation.  FTK has a number of distinct advantages.  One new one is the ability to remotely acquire images (one system at a time) in their workstation product.  I had used EnCase and their VFS product to mount forensic images and run Identity Finder scans from Windows.  In EnCase Workstation 4.x (and 5.x, I think), VFS would mount the image as a drive, but would only work for FAT and NTFS filesystems.  I complained to Guidance Software  throughout that time.  They represented hfs+, UFS, ext2, ext3 internally as a generic hierarchical filesystem, and you could read/copy individual files, why couldn't they export them.  In version 6 of EnCase, they did.  But VFS also became unreliable.  I would have to attempt the...
3 Comments
Cell phone security policy
May 2, 2012 | Matt Marmet

Good Morning Everyone,

 

There has been some interest here at Armstrong in moving towards a cell phone stipend model. We have discussed the pros and cons with our various carrier reps and seem to have a clear understanding of them. However, there is one concern that we have and that is security. If we move to this model, all of the cell phones would be personal along with the billing plans. Our initial reaction is to have something in place to be able to wipe the devices clean in case of termination or a lost device. That way all email and potentially other institutional data can be deleted. We use Google mail for email and have heard of some options with that. I have 2 questions for the list:

 

1)      What in particular are you doing about institutional information on a private device (encryption,...

3 Comments
Vendor remote control for printer support
March 15, 2012 | Dean J. Williams
Is anyone allowing vendors to remote control your employees' computers with products such as LogMeIn?  

A company from whom we lease printers has been getting departmental staff to let them control their computers with LogMeIn, for the purposes of installing printer drivers and configuring campus printers.  Giving strangers access to institutional computers that are likely to contain sensitive information makes me a little nervous. 

Whether it's a printer vendor or an employee who wants to do it, though, the demand for remote control or remote desktop doesn't seem to be diminishing.  Has anyone found a secure and practical balance between the advantages of remote control, and the risks that come with it?   Any specific product experience, good or bad? 

(We use SimpleHelp for IT staff to share clients' screens, but I see that as quite different from letting a vendor do so...
3 Comments
IP Address Management / DNS and Bluecat Networks
March 8, 2012 | Walter Petruska
USF is investigating new solutions to the functions of DNS, DHCP and IP address management.

We would like something which is highly available, integrates well or can supplement/replace a windows-based DHCP service, has multi-level administration, logging and can provide DNSSEC/IPv6 functionality.

I've been looking at Bluecat Networks, but been repeatedly put off by their pre-sales approach and refusal to discuss pricing for planning.

Any comments/ suggestions regarding your own use of Bluecat Networks, or identification of alternative solutions is appreciated.

--
Walter Petruska CISSP, CISA, CGEIT
Information Security Officer
infosec.usfca.edu

University of San Francisco
Lone Mountain North - 2nd Floor
2130 Fulton Street
San Francisco, CA 94117...
3 Comments
ROI on stateful and deep-packet-inspection firewalls
January 31, 2012 | Listserv Anonymous User
Message from advax@triumf.ca

We are upgrading our core routers, and I've been wading thrpough vendor bumf ... It seems that routers generally support stateless firewalling (ingress/egress filters, port blocking) at full line rate as part of the default configuration. Then you can layer stateful protocol-aware firewalling on top of that for more money, at reduced bandwidth. And then again, deep inspection, antivirus and app tracking for yet more money and yet less bandwidth. I'm wondering what the ROI is for installing these products, apart from what the vendors tell us. I'm a bit wary of sinking a lot of time and money into a digital Maginot Line, in an academic environment where we can't easily categorize network connections into good and bad. I'm more in favour of hardening sensitive assets close in. What experience do others have of deploying firewall products like Cisco ASA 5000's or Juniper SRX ? Do you see a big dropoff in downtime and trouble...
3 Comments
disabling some phishing forms
January 19, 2012 | Robert Bayn
When a user reports a phish message with a "click here" link that goes to a google doc, it's easy to submit an abuse notice using the link at the bottom of the doc form.  If a webserver is compromised, the phisher may install a SourceForge phpformgenerator.  I've found in several instances that you can go to the first level directory in the link to the form and see the phpformgenerator management screen.  And it often lets anyone who sees the page delete any of the forms created by the formgenerator.  That at least temporarily disables the mischief while I contact the site owner to check for the compromise.

Bob Bayn          (435)797-2396            IT Security Team
      ...
3 Comments
New Account Information Distribution
January 11, 2012 | Dennis L. Self
We are looking for an efficient, secure means to distribute new account information to our constituents.  Today we snail-mail letters with a temporary password to a setup system where the user can set their usable password.  If you have a solution that has worked well for you and is strong in security and identity verification, would you reply to me directly, please?

Dennis Self
Director, IT Security & Compliance
Technology Services
Samford University
(205) 726-2692
3 Comments
Data Classification Schema
December 30, 2011 | Julie Myers

We have a four level data classification structure at the University of Rochester:  Legally Restricted, Confidential, Internal Use Only, Public. 

 

I know many university’s have a data classification policy and within that policy examples are highlighted for the reader.  I was wondering if anyone has taken their data classification process down to the next level and created a data map / schema to assist the end users and to try remove the shades of gray when trying to classify department specific information ?  We continually are question on “what is confidential” and are trying to more clearly define this for our end users. 

 

I hope you all have a wonderful New Year !

 

Thank you,

 

...
3 Comments
Static vs. dynamic dhcp assigned addresses
December 12, 2011 | James L. Mayne

TCU has always provided user’s with static ip addresses using dhcp reservations. However with the flood of new mobile devices it is straining our ability to efficiently assign these types of ip addresses. In discussing a movement to dynamic addresses the issue of incident response and troubleshooting comes up.

 

Would others using dynamic addresses share their tactics and any estimate of added effort involved when tracking down issues identified by ip addresses, whether they be from external complaints, IDS logs, firewall logs etc.

 

Thanks,

Jim

 

Jim Mayne
Information Security Services

 

3 Comments
security. Bringing up SAS70 requirements once again.
December 11, 2011 | Listserv Anonymous User
Message from dgrisham@salud.unm.edu

Back in 2009 Daniel Sarazen University of Massachusetts asked the group about requiring SAS70's or third-party assessments of both large and small contracts/companies. Unfortunately, only one person responded to the question about "should an entity require SAS70 or equivalent for large contracts as well as small ones in the $300 range". Once again the question has come up across the security groups here at UNM-HSC. I am curious what other academic health centers positions are in regard to requiring "third-party analysis of controls" when outsourcing ePHI or PII. Given the risk of breach costs (reputational, notification, potential fines, etc.) IMHO the risks are too high to not require an independent assessment no matter the size of the contract. There are beneficial smaller services that our researchers and physicians find by companies that cannot afford SAS70 audits. So, for those smaller contracts with smaller companies does anyone...
3 Comments
Is anyone on the list using the CopySence appliance from Audible Magic
December 1, 2011 | Michael Cole
Is anyone on the list using the CopySence appliance from Audible Magic to deter file sharing of copyright protected material instead of limiting or blocking p2p traffic altogether?  If so we be interested in hearing your experience with the product, good or bad.
 
 
Michael
 
Michael A. Cole '2010
Manager of Network Operations
Clark University
950 Main street
Worcester,  MA  01610
508.793-7772
 
 
 
3 Comments
Microsoft BitLocker
November 29, 2011 | Matthew Y. Giannetto

We’re experiencing a very frustrating issue with Microsoft BitLocker on our Dell Latitude E-Series laptops.  The problem is that occasionally and for no discernable reason, the TPM module for the laptop gets disabled in the BIOS.  This causes the system to prompt for a BitLocker Recovery Key at boot, rendering the system useless until the user contacts the help desk.  

 

I’m hoping to compare notes with other institutions that are using TPM with hard drive encryption so we can try to isolate a cause for our problem.  For anyone using hard drive encryption (BitLocker or otherwise) with TPM, would you mind giving me a little info about your deployment and experiences?

·         What laptop make and model do you use?  Approximately how many are in your environment?

...
3 Comments
​Call for Papers: World Congress on Internet Security (WorldCIS-2012)
November 23, 2011 | Paul Kelly

CALL FOR PAPERS

********************************************************
World Congress on Internet Security (WorldCIS-2012)
Technically Co-Sponsored by IEEE UK/RI Computer Chapter and IEEE K/W Section
June 10-12, 2012
www.worldcis.org
********************************************************

The World Congress on Internet Security (WorldCIS-2012)
is Technically Co-Sponsored by IEEE UK/RI Computer Chapter
and IEEE K/W Section. The WorldCIS-2012 is an international
forum dedicated to the advancement of the theory and practical
implementation of security on the Internet and Computer Networks.
The inability to properly secure the Internet, computer networks,
protecting the Internet...

3 Comments
PenTest Magazine - try us for free!
November 22, 2011 | Listserv Anonymous User
Message from maciej.kozuszek@software.com.pl

Hi everyone,

I'd like to encourage you to have a look at PenTest Magazine - the only publication devoted to penetration testing.

Each week around 20 pages to be downloaded for free, and lot of free stuff on a website.

Articles, interviews, tutorials and a lot more.

Visit us at: www.pentestmag.com

See for yourself that PenTest is worth subscribing to.

Best regards, -- Maciej Kozuszek PenTest Magazine Managing Editor Software Media Sp z o.o. www.pentestmag.com
3 Comments
Malware forensics
November 18, 2011 | Dave Nevin
We're currently reevaluating how we perform Malware forensics here and wanted to see what others were doing. Are you doing it in-house or outsourcing? 

If in-house, do you have dedicated staff for this, or is this tasked distributed? How do you keep people current—do you have a preferred vendor for training?

If you outsource, do you use a major vendor such as one of the big consulting firms, or do you prefer a local specialist? How has this worked for you? 

Or have you implemented a blended solution, where certain cases are handled in-house and others referred to a vendor? 

Thanks all, and happy Friday,

Dave

--
Dave Nevin, IT Manager
Technology Support Services/Information Services
Oregon State University
Corvallis, OR


...
3 Comments
email as directory info
June 5, 2013 | Jane Rosenthal

Hello all,

I’ve seen other U’s that have the email directory behind the portal log-in—still allows for collaboration, but is not “public” or open to the world.  I would love to see this model here—just cuts down on external crawling of our site and protects the users.

 

We have 2 things at KU—one a student may choose to restrict their email address from showing up in the public/online directory if they do that in the privacy settings.

 

Second, at KU we have email as directory info, however, our policy states that email in bulk is not released due to privacy issues.

Further, our state Open Records/Sunshine laws allows us to not provide bulk listings e.g. name + email of all students if the requesting party is asking for the listing for...

2 Comments

Jump to a Month

See Entire Archive

Group Leaders

Michele Norin
The University of Arizona
Peter J. Murray
University of Maryland, Baltimore
Rodney Petersen
EDUCAUSE

Related to this Group...

Cybersecurity Initiative

Research and Publications

Conferences and Events

Career Development

Focus Areas and Initiatives

Connect and Contribute

About EDUCAUSE

Close


Current Issue
May/June 2013
EDUCAUSE Review

Publications

Research

Close


Annual Conference
October 15–18, 2013
Register now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

See All Events

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Find or Post a Job

Leadership and Management Programs

EDUCAUSE Institute
Advanced Programs
Project Management

 

Fellowships and Awards

Fellowships
Awards Programs

Getting Involved

Mentoring
Volunteer
Speak at an Event

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

Advance Your Career

 

Close

Latest Topics

EDUCAUSE organizes its efforts around three IT Focus Areas

 

Enterprise and Infrastructure

Enterprise and
Infrastructure

Policy and Security

Policy and
Security

Teaching and Learning

Teaching and
Learning

 

Join These Programs If Your Focus Is

Close

From the Blogs
Grit
by
Diana Oblinger

Find Others

Share Ideas

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

Create Your Profile

 

Close

2013 Strategic Priorities

  • Connected Learning
  • Enterprise IT
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.
 

Discover Membership