Click here to receive your FREE subscription to Campus Technology
Article
8 Spots for Tightening Security on Campus
2/2/2004
5. Sell Security to Management
Here's another challenge for all IT professionals, but that may be especially tough on campus because of tight funds: getting management on board for any security push. It's important that your school's top managers see security as the priority it is, and act accordingly - that is, that they allocate realistic funds for the software you need to lock down your systems, for education programs, and for adequate personnel.
Management responds to numbers, so putting together estimates on what security breaches are costing the school in terms of down time, hours spent by your staff repairing the damage, and so forth, can be effective. Damage to the school's reputation can also be a warning point; many large-scale cyber-attacks have made ample use of university computers.
For Susan Monsen, director of IT services at Yale University's Law School, lack of resources is definitely an issue. Her biggest challenge: Dealing with compromised student laptops on the network. "We don't have a way to scan and remove viruses" automatically system-wide yet, she says. "That's something we're working on." Regarding security in general, she says, "There are good tools out there, but they're very expensive."
"There are good tools out there, but they're very expensive."
The problem peaked in September at the law school, when a widely spread virus was attacking Microsoft operating systems and unsuspecting students returned to campus with infected laptops. Now, the problem is down to three or four laptops a week, she says.
Requiring students to register their network cards in order to get access outside
the campus on the university's network helps, she says - students can then be
tracked down through a database and contacted if necessary through their network
IDs.
6. Set and Enforce Testing Standards
As you continue to develop, integrate, and enforce working security policies for your organization, cooperation and communication among various groups on campus are key. Among other things, this becomes important in setting and enforcing testing standards for how new software is deployed. In examining how an SQL server was compromised, a case study from the University of Memphis highlights the importance of policies for making sure that testing is conducted in keeping with agreed-upon security policies. As the authors of the case study conclude in one of their findings after the security breach was closed, agreeing on what tests are required before deployment into the production environment is paramount:
"Equilibrium between experimentation and security standards must be established.
It may not be appropriate to deploy an application into a production environment
unless appropriate security testing has been performed… Service administrators
must understand the importance of securing, and keeping secure, the production
environments upon which services depend."
7. Review Data Retention Policies
With the enactment of the USA Patriot Act in 2001 ("Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001"), data retention has become a security hot spot.
Recommended Reading
- Beck Technology Donates DProfiler to Colleges, Universities
Beck Technology recently announced that it will donate its DProfiler software platform to colleges and universities for use in construction-related coursework.
- Microsoft Adds Gen 4 Datacenters for Cloud Computing
Microsoft is initiating the fourth in a series of datacenter upgrades to enable its cloud computing services, according to a Microsoft blog post Tuesday. And, like everything else in the software world, being highly modular is a good thing.
- Can You Operate as a Virtual Being?
Now that we are conducting at least a part of our business of education virtually and often meeting in virtual environments, let's explore the really big question for academics in a Web 2.0 era...
- Columbia Center To Smooth Web Operations with Collaboration Suite
A college or university without a Web site is inconceivable today, but with every site comes the challenge of managing content. Some sort of automated system is a given, but how much should the site's content management system integrate with other aspects of the campus computing infrastructure?
- IBM's Pass It Along: Mapping Memes Toward A Learning Organization
How IBM's new release is following through on old challenges... big ones.
- North Idaho College To Provide Accessible Lecture Recordings for Disabled Students
North Idaho College will be implementing a new classroom capture system as part of an effort to provide accessible education to students with disabilities. The college will be using SpeakerBox from ClearSky Systems for the lecture capture program beginning in January 2009.
