Main Nav

The North Dakota University  System has been using a Problem Tracking System for several years that, mostly through access control,  protects the privacy of the persons referenced in the individual “tickets” so we have been able to use this system for IT  behavioral issues with students and employees.  These issues would range from compromised or unprotected devices to SPAM complaints to Intellectual property complaints to subpoena issues.  The tracking system was acquired for the Help Desk  and then the Security Officers were able to tweak (or convince the vendor to adapt) the system to give the privacy protections needed.

 

We are now moving to a different system for the Help Desk and the new provider is not able to adapt their system to provide anything close to the level of privacy needed for these issues.

 

I am leaning toward  a totally separate ticketing system for these issues.

 

Any thoughts or suggestions would be appreciated.

 

 

 

Comments

Not really trying to endorse Numara Footprints, (we do love the system!) – but – it supports “workspaces” within it’s architecture which allows you to create separate “silos” within the one product.  That way – you can create a completely separate “security workspace” outside of your regular everyday “service request workspace” that only a limited subset of folks can see or access.  You can even set it up so that you can create tickets outside of the restricted workspace – basically, the “dropbox” model…..

 

I’ve seen the same kind of model created using ARS/Remedy…..but it was a LOT more complicated….

 

M

 

At Indiana University we use a separate system, different from the help desk. We haven’t seen that functionality that you had, so it has not been an option for us to merge the two ticketing systems.

 

Best regards,

Merri Beth

 

Merri Beth Lavagnino, CIPP/US, CIPP/IT

Chief Privacy Officer and Compliance Coordinator

Public Safety and Institutional Assurance

Indiana University

https://protect.iu.edu/mbl

 

*** Please note the attachment called PGP.sig is my electronic signature file. It is NOT a file you need to open. If you were using the PGP program, it would use that file to verify that this email actually came from me. ***

 

Now that both products are owned by BMC, I suspect we will see changes to both of them. We use both Footprints and Remedy. They provide adequate separation that we desired. Both programs have their issues in functionality. --Jason
Message from alacer.cogitatus@gmail.com

We use Footprints as well, although not in this particular use case, but it is configured with workspaces. Our library has their own workspace for tickets that IT doesn't really care about. I've also seen some other free ticketing software, SpiceWorks has that functionality, but I'm not sure if that would work enough for you.
Some residence hall/student management programs have this feature built in. You may already own a product that includes it (at least, for students).

--Adam

Hi Dick -- the UT Austin ISO developed a custom application (starting back in 2004) that allows us to both handle all of the incidents we encounter on a daily basis and manage the proactive risk management engagements we work on (e.g., pentests, assessments, internal projects).. we've also integrated it into our security event systems (e.g., IDS, flow) so that we can easily build incident response workflow through a GUI. we find it important to keep this environment isolated from other IT support units for privacy reasons, but we do interact with a number of ticketing systems on campus. hope this helps, ~cam. Cam Beasley Chief Information Security Officer Information Security Office | UT Austin cam@utexas.edu | 512.475.9476 http://security.utexas.edu ================================ Securus - Vigilare - Insanus ================================ > >
Hi Dick -- the UT Austin ISO developed a custom application (starting back in 2004) that allows us to both handle all of the incidents we encounter on a daily basis and manage the proactive risk management engagements we work on (e.g., pentests, assessments, internal projects).. we've also integrated it into our security event systems (e.g., IDS, flow) so that we can easily build incident response workflow through a GUI. we find it important to keep this environment isolated from other IT support units for privacy reasons, but we do interact with a number of ticketing systems on campus. hope this helps, ~cam. Cam Beasley Chief Information Security Officer Information Security Office | UT Austin cam@utexas.edu | 512.475.9476 http://security.utexas.edu ================================ Securus - Vigilare - Insanus ================================ >
Message from valdis.kletnieks@vt.edu

On Fri, 23 Mar 2012 07:43:06 -0600, "SCHALIP, MICHAEL" said: > I've seen the same kind of model created using ARS/Remedy.....but it was a > LOT more complicated.... We're doing it in Remedy. Wasn't that bad - or maybe our local Remedy wizard is higher-level than we thought. ;)

At the University of Virginia we use a separate system.

 

-Shirley

 

Shirley C. Payne, CISSP, CRISC

Assistant Vice President for Information Security, Policy, and Records

University of Virginia

(434) 924-4165

 

Thanks for the responses both on and off-list.  We have some directions to explore.