Click here to receive your FREE subscription to Campus Technology
Current News
A Damning Indictment
5/6/2004
"Insecure and Unaware…"An indictment of higher ed IT management that may well resonate across campus
Well, it looks like the insurance folks, the corporate defense attorneys, and
the auditors finally got together and took a critical look at campus network
security. Most of it is nothing we haven't already heard about, and talked about,
but a recent article in The Chronicle of Higher Education presents it
all in a fairly damning (alarmist) kind of way:
· "[U]niversities are among the least secure places in the universe,
as far as computing g'es."
· "[M]any institutions do not properly maintain and test their strategies
for recovering lost data . . . in the event of catastrophe."
· "[I]t may be just a matter of time before colleges are hit with
multimillion-dollar lawsuits accusing them of negligently operating their networks."
D'esn't that just make you want to curl up and, defensively, go to sleep? That's how I felt when I read the article the first time. The second time I kept thinking, "Hey, but they just don't understand higher education." The third time, I also thought, "Hmm, there are some useful insights here." The bottom line is that someone, somewhere on your campus is going to hand this article to your president, or worse, to a trustee. Ouch. What are you going to do then?
The lengthy Chronicle article, titled "Insecure and Unaware: An analysis of campus networks reveals gaps in security," appears in its May 7 issue. Go ahead, read it. I'm going to summarize it, but given the varying directions from which fallout from this article is going to come at you, you had better read it for yourself. And, get ready to spend some money that you don't have, because this article is going to resonate.
The gist of the article can be summarized this way: With respect to limiting access, risk assessment, securing data, and planning for disaster, especially from the perspective of the types of people who might conduct audits of legal liability exposure, colleges and universities are low on the totem pole of successful practices in the commercial, corporate world.
What brought the article about? A number of security breaches, confidential information releases, and other related issues on campuses have made news in the past year, and clearly someone saw a pattern. The Chronicle obtained IT audit results from several public institutions and has synthesized some of the more alarming information.
The security issues presented are, by and large, "people" issues,
not hardware and software issues. The most prevalent problems identified by
the Chronicle's survey of audits are:
· Institutions are not doing well enough at ensuring that users (students,
faculty, staff) protect their accounts, largely acquiescing to sloppy password
practices;
· Many institutions either lack disaster recovery plans or fail to test
them;
· Personnel practices frequently leave terminated employees with the
ability to access information or modify it; and
· Few institutions are conducting the kind of risk assessments that inform
them about where their top priority risks might be.
Recommended Reading
- News Update :: Tuesday, November 25, 2008
:::::: NEWS
: Institute for Cyber Security at U Texas, San Antonio Opens Incubator
: ISO/IEC Publishes Office Open XML Standard
: Dynamics NAV 2009 ERP Coming Next Month
: Southwest Baptist U Adopts Angel LMS
: IE8 Release Candidate Coming on Q1 2009
: Hodges U Credits Lecture Capture for Online Enrollment Boost
: Mitsubishi Debuts WXGA Projectors for Education
: Slippery Rock U Applies SAS to Data Management and Reporting
: Moodle Gets SCORM Improvements, Security Fixes - IT Trends :: Thursday, November 20, 2008
:::::: CASE STUDY
:: DePaul Sets the Bar in Student Relationship Management
:::::: IT NEWS
:: Microsoft Unveils Exchange and SharePoint as Services
:: Penn State Pilots Proctored Online Testing System from Kryterion
:: State-wide New Mexico E-learning Program Adopts Wimba for Collaboration
:: IBM Launches 'Pass It Along' Social Networking, Knowledge Sharing Tool
:: MIR3 Adds Recorded Response Feature to Mass Notification Service
:: Northern New Mexico College Moves to Latest AVG Anti-Virus
:: Ubuntu ARMed for Mobile Expansion - SmartClassroom :: Wednesday, November 19, 2008
:::::: SPOTLIGHT
: 6 Ways Not To Become Rote Using Instructional Technology
:::::: NEWS and PRODUCT UPDATES
: CSU System Adopts Moodle LMS Services
: CourseCast Integrates Closed-Captioning Service
: Wimba Pronto 2.1 Adds Accessibility, Spanish Language Features
: Mitsubishi Debuts XD95U 'Pico' Projector
: InFocus Launches DisplayLink Projector for Education - Web 2.0 :: Wednesday, November 19, 2008
:::::: THE BUZZ
: Bringing Student Web "Stuff" to Campus Enterprise Systems
:::::: WEIGHING IN
: Tipping Point for "Content"--Dynamic Interaction, Not Static Stuff
:::::: PRODUCTS AND APPS
: Delta iTunes U Helps Meet Student Expectations for Web 2.0 Apps
: Penn State Pilots Proctored Online Testing System from Kryterion
: State-wide New Mexico E-learning Program Adopts Wimba for Collaboration
: CSU System Adopts Moodle LMS Services
: Office Web Apps Will Work on iPhones - News Update :: Tuesday, November 18, 2008
:::::: NEWS
: Carnegie Mellon Validates Production Xirrus 802.11n Network
: Ave Maria U Deploys In-Building Cellular Gear
: ASU Campus Nixes Fiber; Chooses Gigabit Wireless for Network Connectivity
: Sun Unveils Family of Open Storage Appliances
: Office Web Apps Will Work on iPhones
: Sun To Cut More Than 15 Percent of Global Workforce
: Texas A&M Upgrades Supply Chain Lab Curriculum
: Texas Lutheran U Implementing Jenzabar EX for ERP
: Anna U Chennai Partners with Cypress on Embedded Systems Engineering - Campus Security :: November 14, 2008
:::::: SECURITY SPOTLIGHT
: Smart Phone Security: New Challenges for Road Warriors
:::::: CAMPUS SECURITY NEWS
: SMobile Releases Antivirus To Protect Google Android Phones
: Blue Coat Integrates Network Appliances
: e2Campus Provides Twitter Integration in Emergency Notification System
: Moodle Gets Student Verification Capabilities
: Rave Wireless Adding BlackBerry Devices to Notification Service
: U Miami Trades IPS for Top Layer Security System
: Cornell Hardens Campus Network with Gigabit Wireless Radio Links
: U Pittsburgh Turns to Verizon Business for Automated Notification Services
