
A Damning Indictment

5/6/2004

"Insecure and Unaware…" An indictment of higher ed IT management that may well resonate across campus

Well, it looks like the insurance folks, the corporate defense attorneys, and the auditors finally got together and took a critical look at campus network security. Most of it is nothing we haven't already heard about, and talked about, but a recent article in The Chronicle of Higher Education presents it all in a fairly damning (alarmist) kind of way:
· "[U]niversities are among the least secure places in the universe, as far as computing goes."
· "[M]any institutions do not properly maintain and test their strategies for recovering lost data . . . in the event of catastrophe."
· "[I]t may be just a matter of time before colleges are hit with multimillion-dollar lawsuits accusing them of negligently operating their networks."

Doesn't that just make you want to curl up and, defensively, go to sleep? That's how I felt when I read the article the first time. The second time I kept thinking, "Hey, but they just don't understand higher education." The third time, I also thought, "Hmm, there are some useful insights here." The bottom line is that someone, somewhere on your campus is going to hand this article to your president, or worse, to a trustee. Ouch. What are you going to do then?

The lengthy Chronicle article, titled "Insecure and Unaware: An analysis of campus networks reveals gaps in security," appears in its May 7 issue. Go ahead, read it. I'm going to summarize it, but given the varying directions from which fallout from this article is going to come at you, you had better read it for yourself. And, get ready to spend some money that you don't have, because this article is going to resonate.

The gist of the article can be summarized this way: With respect to limiting access, risk assessment, securing data, and planning for disaster, especially from the perspective of the types of people who might conduct audits of legal liability exposure, colleges and universities are low on the totem pole of successful practices in the commercial, corporate world.

What brought the article about? A number of security breaches, confidential information releases, and other related issues on campuses have made news in the past year, and clearly someone saw a pattern. The Chronicle obtained IT audit results from several public institutions and has synthesized some of the more alarming information.

The security issues presented are, by and large, "people" issues, not hardware and software issues. The most prevalent problems identified by the Chronicle's survey of audits are:
· Institutions are not doing well enough at ensuring that users (students, faculty, staff) protect their accounts, largely acquiescing to sloppy password practices;
· Many institutions either lack disaster recovery plans or fail to test them;
· Personnel practices frequently leave terminated employees with the ability to access information or modify it; and
· Few institutions are conducting the kind of risk assessments that inform them about where their top priority risks might be.


