News Feature
Once More unto the Breach
4/13/2007
By David Nagel
"This is because the legislators that worked on such laws understand that encrypted data is essentially useless even if it falls into mischievous hands. Financial services and the retail/hospitality sectors have been much more aggressive since SB 1386 at encouraging (and, in some cases, mandating) the use of encryption to protect this data. As the use of encryption increases in those industries, the number of breaches will decrease. A similar movement in higher education will be necessary in order to begin to stem this tide."
Said Alex Hart, Director of SLED Programs at Symantec: "Higher education institutions share similar challenges with other large organizations, whether public or private, in effectively protecting personal data. Traditionally, computer security in many cases has been viewed as reactive, tackling each breach or vulnerability as it appears. The problem, unfortunately, is much more complex. It’s really not an issue of preventing sensitive information from leaking, but rather one of information protection. This means that the information--the data--has to be proactively protected wherever it may be: at rest (storage), in motion (messaging), or in use (Web applications, PCs, personal devices, etc.)."
"Proper use of encryption could have prevented the UCSF incident," said RSA's Parkerson. "Other companion technologies to encryption such as security event monitoring, content filtering, and application activity monitoring could have also lessened the risk. But, encryption is one of the only security technologies that have been proven consistently to significantly lessen risk."
A String of Incidents
The UCSF incident is the latest in a long string of reported breaches in data security in higher education. The most notable recent example also occurred within the University of California system. In December 2006, the University of California, Los Angeles reported that approximately 800,000 student, faculty, and staff records had been compromised in a series of intrusions spanning 13 months (October 2005 through November 2006). This breach also involved Social Security numbers tied with names, birth dates, and other information.
This incident, owing to its magnitude, attracted more attention than most university security breaches. (This includes attention from California legislators.)
The UCLA event was also more severe in terms of the time between the start of the breaches and the point at which the university notified people of the breach. One analyst we talked to said that this is owing to a lack of system management, consistency in process, risk evaluation, and monitoring.
"A prime example is the UCLA breach reported in December of last year where they had to alert 800,000 current and former students, faculty and staff that their names, social security numbers, home addresses, and birth dates were exposed during a year of data security breaches. The attacks started in October of 2005 and weren’t detected until November of 2006," said John DiMaria, manager of business continuity for