Click here to receive your FREE subscription to Campus Technology
Current News
A Damning Indictment
5/6/2004
On reflection, I don't think that there's a whole lot there we aren't fairly aware of. And some institutions cope with some of those things better than others. I don't doubt for a second that there are issues of "openness" relating to university and college culture and the creativity and innovation requirements of academicians. As one commentator put it, would Tim Berners-Lee be able to get a proposal to work on a brand new idea like the World Wide Web in a higher education regime run by auditors?
On the other hand, I suspect that most of the unresolved issues relate simply to funding-meaning campus-based funding, as opposed to research-based and funded, say, by the NSF. That's another tradition that can, in general be called the "under management" of higher education's business side. If it's going to take $300,000 to conduct a risk assessment that's going to tell you what you already know: that you need to get all sorts of people, in all sorts of positions, in all sorts of departments, to change their behavior, well . . . unless someone walks up and hands you that $300,000 for expressly for that purpose, you're not going to be spending it.
Once your heart rate settles down, this article, combined with some insightful preparation and background work already underway by the higher education community, can be viewed as an opportunity. First, check out these resources:
The EDUCAUSE Effective Security Practices Guide is one place to start, and I'd say it's required reading for CIOs and others at some point in the next 24 hours. It's got a lot of good stuff about risk assessment and risk analysis. You might also want to reference Building a Disaster Resistant University, a FEMA publication available online as well. And, conveniently, a coalition higher education organizations sent a letter out in February of 2003 to all college and university presidents in the United States, alerting them to many of these issues. In fact, it sounded a bit alarmist as well: "We've all seen the headlines: grades and salary records altered; medical information and social security numbers exposed to the public; major commercial web sites attacked by hackers using campus computers as a launching point; and massive invasions by Internet worms."
But, I bet that most college and university CEOs blew that letter off. Probably only a handful took it seriously enough to pass it on to their CIO, or to the person their CIO reports to, with a request to bring them up to date on their campus' risk assessment and security position.
That may well change now. Sadly, a prominent article in The Chronicle of Higher Education may get more presidential and trustee attention than a paper letter from an organizational coalition.
I recommend that you review the Effective Security Practices Guide and have
a copy of that letter printed out and handy for when you are asked about the
Chronicle article. You can say that the authorities in your field recognize
that there are important issues involved and, that as a whole, the issues are
being worked on. The next thing you can do, of course, is get to work drafting
that budget request for the risk assessment.
About the author: Terry Calhoun is Director of Communications and Publications for the Society
for College and University Planning (SCUP). You can contact him through CT's IT Trends forum by clicking here. View more articles by Terry Calhoun.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- News Update :: Tuesday, August 26, 2008
:::::: NEWS
: Report: Green Efforts Improving on Campuses
: Polytechnic Institute of NYU Deploys Array Networks Equipment for Access Control
: Oracle Releases Student Administration Integration Pack
: Red Hat Hacked, Company Issues Security Advisory
: Sun Open Sources Mobile Toolkit LWUIT
: Vulnerability Management Needed for Security, Study Says
: Microsoft Details SharePoint-SQL 2008 Integration
: Higher Ed Growing into BI, Data Warehousing
: LectureShare Updates Free Course Management System - Campus Security :: August 22, 2008
:::::: CASE STUDY
: Corralling Identity Management
:::::: CAMPUS SECURITY NEWS
: Vulnerability Management Needed for Security, Study Says
: Wayne State Deploys Q1 Labs QRadar to Manage and Secure Network
: KU Medical Center Installs Real-time Beacon System
: Virginia Tech Tries 'Compliance Sheriff' To Improve Web Site Accessibility
: Microsoft, BearingPoint Team Up To Provide Risk-Based Compliance Solution
: Collaboration Key to Security, Microsoft Says
: IBM Unveils New Software Designed To Streamline eDiscovery
: Security Woes Up, as PHP and OSS Make the List - IT Trends :: Thursday, August 21, 2008
:::::: INTERVIEW
:: Higher Ed Growing into BI, Data Warehousing
:::::: IT NEWS
:: Microsoft Changes Virtualization Licensing Rules
:: Vorex Upgrades Web-based Data Collection Tool for Schools
:: AT&T 'Big Mobile' Grant Extended
:: U Illinois Implements New StorMagic SAN in 15 Minutes
:: OOXML Reaffirmed, ISO/IEC Reject Appeals
:: Butler U Deploys Virtual Proofpoint Messaging Security Gateway
:: Linux Application Checker Brings Distro Help - SmartClassroom :: Wednesday, August 20, 2008
:::::: INTERVIEW
: The Power of Wikis in Higher Ed
:::::: NEWS and PRODUCT UPDATES
: Sakai 2.5.2 Gets Performance Boost; New Modules Released
: Georgia Virtual Tech Moves to Angel LMS for Web-based Instruction
: Video Spotlight: Campus Technology 2008 Keynote Address
: AT&T 'Big Mobile' Grant Extended
: Colorado State Launches New Online School - Web 2.0 :: Wednesday, August 20, 2008
:::::: THE BUZZ
: Digital Arrays for Evidence-Based Learning
:::::: WEB 2.0 IN ACTION
: "That Which Weaves Together:" The NSF Cyberlearning Report
:::::: PRODUCTS AND APPS
: Sakai 2.5.2 Gets Performance Boost; New Modules Released
: Vorex Upgrades Web-based Data Collection Tool for Schools
: Colorado State Launches New Online School
: Collexis' Lawriter Debuts Social Network for Law Students - News Update :: Tuesday, August 19, 2008
:::::: NEWS
: Video Spotlight: Campus Technology 2008 Keynote Address
: Report Finds Dip in Microsoft's Browser Share
: Butler U Deploys Virtual Proofpoint Messaging Security Gateway
: VMware's Updates Cause Problems, CEO Apologizes
: Intel Releases Interface for USB 3.0
: Linux Application Checker Brings Distro Help
: Wayne State Deploys Q1 Labs QRadar to Manage and Secure Network
: SunGard HE Releases New Unified Digital Campus
: Higher Education Fertile Ground for 802.11n WiFi, ABI Reports
