http://thetartan.org/news/2005/11/14/computer by Matthew McKee November 14, 2005 According to a recent survey published by the Chronicle of Higher Education, you are your computer's worst enemy. The survey reported that out of 319 studied incidents, recklessness and apathy caused roughly 40 percent of computer security problems. This means that many network security problems such as viruses, data loss, and remote hacker control of a personal computer arise from a common source that causes more problems than malicious hacking: student negligence. Students push aside their responsibilities to follow network policies, and this creates far too many problems that network security administrators want to prevent. Joel Smith, the vice-provost and chief information officer for Computing Services at CMU, said that most responsibility falls "in the hands of the users themselves." He said that the lack of student adherence to network guidelines causes the "vast majority of incidents of intrusion." Although CMU did not participate in the Chronicle's survey, its findings may have fallen in line with other universities across the country. Smith emphasized that with an open environment of computing, "incidents of intrusion" become much harder to control. Student use of the Internet presents a "real challenge" for Smith and his colleagues to monitor. "The campus network is not like a corporate structure where everything is rigidly controlled," he said, "[so] this is a joint effort between students and Computing Services." However, he qualified this statement by saying, "We are still in an era of computing responsibility.... A lot of weight still falls on the individual." This weight at CMU means precautions that users must take - unless they want to see their network connections turned off. Conor McGrath, the University of Chicago's manager for network security, says that his university pursues network security a bit differently. They distribute a compact disc containing a "connectivity package" and require students to firewall their machines. The laundry list of precautions for this institution proves much shorter than the to-do list CMU gives its residents. McGrath does not want to cross the line of student privacy, but at the same time, security has become such a major issue that his office has taken responsibility for the security of the dorm networks "to a certain point." McGrath, like Smith, admitted that the "vast majority" of incidents stemmed from user carelessness, but, he said, "Students are worried about being students. They're not trying to become computer security experts." He said his office currently wants to develop programs to raise user awareness and reduce the number of security incidents, but he sees a problem in convincing students to turn away from merely skipping policies and ignoring advice. He identified a "click-through culture" that needs a dramatic reduction. Both McGrath and Smith brought up the necessity of good dialogue between students and computing security officials that will help promote student responsiveness to security problems. McGrath said, "A computer is not as easy to use as a toaster. Unfortunately, students want to treat their computers as appliances." _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Mon Nov 14 2005 - 22:34:00 PST