http://thepost.baker.ohiou.edu/articles/2006/06/22/news/14120.html Sean Gaffney skatripp at gmail.com June 22, 2006 Ohio University suspended two administrators and created a new position at the recommendation of a network security report Tuesday. The university suspended - Tom Reid, director of Communication Network Services and Computer Services and - Todd Acheson, manager of Internet and Systems, until a disciplinary investigation is completed according to a university news release. Both men will still be paid while on suspension. At a later date, Reid and Acheson will have a chance to respond to the findings prior to the university's final determination, which could include termination, according to the news release. Two independent consultants have been brought in to temporarily manage the Central Information Technology Management Team, according to the release. The report follows a three-week comprehensive analysis of the network security breaches conducted by Moran Technology Consulting of Naperville, Ill. The audit analyzed the department and employees, searching for negligence or faults that contributed to the security breaches, according to the release. A new position, Chief of Staff to the Chief Information Officer has been created and national search has been launched to fill the position, according to the release. - Bill Sams is presently the chief information officer and associate provost for information technology. As a result of the report, the Information Technology departments will be restructured to establish "clear roles, responsibilities, and accountabilities," according to the release. Two departments, CNS and Computer Services, were already combined to ease unnecessary competition and friction that contributed to department malfeasance. Unnecessary competition between the departments resulted in negligence, Sams has said in previous interviews. OU President - Roderick McDavis is working with university officials and others to solve the problem. "I am angry and embarrassed by the computer security system lapses that were undetected before my time as leader of the university," McDavis said the release. McDavis decreased the IT budget by $1 million since taking office in 2004. There was a 3 percent reduction in the IT budget last year, and as a 12 percent reduction was being implemented this year, the security breaches were detected, said university spokesman - Jack Jeffery. That was "part of the standard reductions made across the university," during 2006 fiscal year, Jeffery said. "We wanted to make sure we weren't cutting from the academic programs," he added. Sams has previously said that the university has a reached a critical point in budget cuts and will need to replace funds in the IT budget. Next week, McDavis will request that the OU Board of Trustees "authorize up to $2 million to invest in securing information technology systems," according to the release. The total cost to recover from the security breaches will be millions of dollars, Sams said. Since April 21, 365,000 personal identities have been compromised in security breaches at Ohio University. The latest breach was detected on a university computer that housed IRS 1099 tax forms for 2,480 vendors and independent contractors who worked for the university between 2004 and 2005, according to the university's Web site. The university also discovered that a computer hosting a "variety of Web-based forms" that included class lists containing the social security numbers of about 4,900 current and former students had been accessed. The data is fragmentary and it is not certain if the compromised information can be traced to individuals, according to the university's Web site. Employees, students, alumni and contractors have been urged to monitor credit reports and request fraud watches be placed on their report. About 24 people have expressed to the university that they have been victims of identity theft in the past year, according to an Associated Press article. Copyright © 2006 The Post _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Fri Jun 23 2006 - 13:00:37 PDT