IT Security & Policy -- Campus Technology

IT Security & Policy

03/01/05

Mark Bruhn

Indiana’s Mark Bruhn says he’s heard nearly every song and dance about campus IT security. Check below: Is he playing your song?

Mark S. Bruhn is Indiana University’s CIO and chief IT Security and Policy officer, working in the Office of the Vice President for Information Technology, where he advises the university administration on technology deployment and usage, especially in the critical areas of policy and security. He is also associate director of the IU Center for Applied Cybersecurity Research (CACR) and chairs the CACR-sponsored annual Indiana Higher Education Cyber Security Summit (www.cacr.iu.edu). In addition to his work at IU, Bruhn is a member of the Executive Committee of the Educause/ Internet2 Task Force on Network and Systems Security, co-chairs the Task Force’s Security Awareness and Education Initiative, and is involved in various other efforts to improve IT security in higher education. In other words, if it’s about security and policy, Bruhn is there.

10 - Sensitive data: here, there, and everywhere

Get rid of sensitive data ASAP: not collected, not compromised.
If it must be collected/kept, store it on a secure, well-maintained computer.
Don’t store it on workstations; secure a central computer, not thousands.

9 - Before you accuse me…

Make everyone responsible for his own computer/account/password security.
Require them to ensure only appropriate people have access to their data.

8 - Communications breakdown?

Rethink sensitive e-mail not encrypted before it’s sent out as an open postcard.
Give users a method to communicate sensitive info (PGP, secure Web drop-off).
Require antivirus software on all workstations, servers, e-mail relays—anywhere e-mail and documents are handled.

7 - Just what I needed!

Help your organization realize: Security is a cost of doing business.
Recognize that poor management of systems (i.e., configuration errors or lack of maintenance) accounts for most security breaches.
Make sure techs are given adequate resources to manage and secure IT systems.

6 - The “seeker”

Remember: Crackers use readily available automated scanners to scan entire networks daily for vulnerable systems and services.
Determine: If crackers are doing this, your organization’s techs should, too.
Remove vulnerabilities: Where they could afford privileged access to the system, a complete rebuild is critical.

5 - Set them free

Understand all programs running on servers.
Stop programs/services not truly required, to reduce vulnerability exploitation.
Consult security guides and documents available at vendor Web sites.

4 - Silence is golden

Realize: Weak passwords are still a common route to compromised computers.
Require strong passwords (not dictionary words!) on every computer.
Remind users: Passwords shouldn’t be shared with anyone, even support techs.

3 - Change the locks

Don’t forget physical protection of IT systems—often overlooked, but critical to IT security plans.
Restrict physical access to critical servers; don’t, and logical security is useless.
Provide adequate climate control for all critical servers.

2 - Real, real gone…

Remove all traces of personal and business data from storage media (e.g., hard drives) before reassigning the device.
Accept it: Deleting files/reformatting a hard drive d'esn’t remove stored data.
Techs should use wiping utilities, degaussing, or destruction to securely remove all data remnants.

1- Show me the way

Remember: An organization can’t begin to protect critical systems and functions without first knowing what technologies have been deployed.
Once technologies and their interrelationships are clear, spot associated risks.
Once risks related to technology are identified and prioritized, put your money where the risks are.

E-Mail this page

Printable Format

Featured

Report: Increasing Number of Vulnerabilities in OpenVPN

OpenVPN, a popular open source virtual private network (VPN) system integrated into millions of routers, firmware, PCs, mobile devices and other smart devices, is leaving users open to a growing list of threats, according to a new report from Microsoft.
What Skills Do Online-Only Students Need Before Entering the Workplace?

Online students are likely to have certain gaps in their education. Here are five skills they’ll need to fill them.
MathGPT AI Tutor Now Out of Beta

Ed tech provider GotIt! Education has announced the general availability of MathGPT, an AI tutor and teaching assistant for foundational math support.
California AI Regulation Bill Advances to Assembly Vote with Key Amendments

California’s Senate Bill 1047 (SB 1047), the "Safe and Secure Innovation for Frontier Artificial Intelligence Models Act," spearheaded by Senator Scott Wiener (D-San Francisco), has cleared the Assembly Appropriations Committee with some significant amendments.