Click here to receive your FREE subscription to Campus Technology

Home > 8 Spots for Tightening Security on Campus

Article

8 Spots for Tightening Security on Campus

2/2/2004

By Linda L. Briggs

5. Sell Security to Management

Here's another challenge for all IT professionals, but that may be especially tough on campus because of tight funds: getting management on board for any security push. It's important that your school's top managers see security as the priority it is, and act accordingly - that is, that they allocate realistic funds for the software you need to lock down your systems, for education programs, and for adequate personnel.

Management responds to numbers, so putting together estimates on what security breaches are costing the school in terms of down time, hours spent by your staff repairing the damage, and so forth, can be effective. Damage to the school's reputation can also be a warning point; many large-scale cyber-attacks have made ample use of university computers.

For Susan Monsen, director of IT services at Yale University's Law School, lack of resources is definitely an issue. Her biggest challenge: Dealing with compromised student laptops on the network. "We don't have a way to scan and remove viruses" automatically system-wide yet, she says. "That's something we're working on." Regarding security in general, she says, "There are good tools out there, but they're very expensive."

"There are good tools out there, but they're very expensive."

The problem peaked in September at the law school, when a widely spread virus was attacking Microsoft operating systems and unsuspecting students returned to campus with infected laptops. Now, the problem is down to three or four laptops a week, she says.

Requiring students to register their network cards in order to get access outside the campus on the university's network helps, she says - students can then be tracked down through a database and contacted if necessary through their network IDs.

6. Set and Enforce Testing Standards

As you continue to develop, integrate, and enforce working security policies for your organization, cooperation and communication among various groups on campus are key. Among other things, this becomes important in setting and enforcing testing standards for how new software is deployed. In examining how an SQL server was compromised, a case study from the University of Memphis highlights the importance of policies for making sure that testing is conducted in keeping with agreed-upon security policies. As the authors of the case study conclude in one of their findings after the security breach was closed, agreeing on what tests are required before deployment into the production environment is paramount:

"Equilibrium between experimentation and security standards must be established. It may not be appropriate to deploy an application into a production environment unless appropriate security testing has been performed… Service administrators must understand the importance of securing, and keeping secure, the production environments upon which services depend."

7. Review Data Retention Policies

With the enactment of the USA Patriot Act in 2001 ("Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001"), data retention has become a security hot spot.



Recommended Reading
  • Sun, Stanford Working To Archive History

    In May in San Francisco, experts from leading universities, libraries, and research institutions around the world met as part of an ongoing effort to address a pressing issue: archiving the world's history, right up to today.

  • The Quilt Coalition Rolls Out XO Communications for High-Capacity Network Services

    The Quilt, a coalition of 28 regional network organizations, has added XO Communications Services to its authorized vendor list. The Quilt represents 200 universities and thousands of other educational institutions across the United States. With this new relationship, Quilt members can purchase XO's high-speed IP transit and network transport services at competitive rates.

  • Wimba Classroom 5.2 Expands Classroom Capture Support, Adds MP3 Downloads

    At the NECC 2008 conference in Texas this week, Wimba launched a new version of Wimba Classroom, the virtual classroom component of the company's Collaboration Suite. The new 5.2 release expands options for classroom capture and adds a variety of other functional and ease of use features.

  • Automation Chimera: Education Is Not Management

    The lure of automating workflow online so human intervention is minimized is continually reinforced in the minds of higher education administrators by examples of automated campus systems such as financials, student information systems, and other enterprise systems. But what's good for management is not always good for learning.

  • Cognos Releases BI Software for Linux-based IBM System z Mainframe

    Cognos, which IBM acquired in January, has released an update to its business intelligence software that will run on the Linux operating system on IBM System z mainframes. IBM Cognos 8 BI was being developed by the two companies prior to the acquisition, but assimilation of Cognos into IBM accelerated development.

  • Facebook and Collegiality: A Serendipitous Social Niche

    Facebook is a way to greet a colleague as if she or he is on your own campus: a wave at a distance, a hello at the corner burrito place, a honk as you both leave the campus parking lot. Informal collegiality has been extended over the miles.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format