http://www.athensnews.com/issue/article.php3?story_id=25525 By Jim Phillips Athens NEWS Senior Writer 2006-07-31 Ohio University officials provided some more details Friday on an expensive and ambitious overhaul of OU's information technology (IT) system that's now in the works. The restructuring, which was recommended by a consultant after OU suffered a series of major computer security breaches, will do away with OU's two main computer-related departments, Communication Network Service and Computer Services, to create what OU officials are calling a "unified IT structure" for the university. "CNS and CS... no longer exist," announced OU Chief Information Officer William Sams, who has said he'll be stepping down from that post as part of the restructuring. Sams and Provost Kathy Krendl rolled out the 20-point "blueprint for building a world-class IT function at Ohio University" at the Friday press conference, which was attended in person or via conference call by reporters from state and local media outlets, as well as publications such as the Chronicle of Higher Education and Computer World. Sams has estimated that implementing the plan will take from $3 million to $5.5 million in one-time costs, plus $2.5 million in annual ongoing expenses. The OU Trustees have already said they'll allocate $4 million for the project, and Sams said all or part of the rest can possibly be found within the existing university-wide IT budget. OU hired the Illinois-based Moran Technology Consultants, Inc. to investigate its IT setup after the university discovered a series of computer security breaches in which hackers gained access to personal information, including Social Security numbers, on tens of thousands of students, alumni, donors and subcontractors. A report by the consultant found major fault with CNS for what the report called its insular, uncooperative "silo culture." Two IT officials criticized in the report, CNS Director Tom Reid and CNS Unix Systems Director Todd Acheson, were suspended after its release, and now face possible termination. AMONG THE FEATURES of the plan previewed Friday, OU plans to: * implement a "perimeter firewall" to filter Internet traffic and protect OU computers outside the central cluster from hacking; * reduce its use of Social Security numbers for identifier purposes, and encrypt the Social Security numbers it continues to use; and * classify its data by the level of security needed in its protection. The overall restructuring of its IT sector, OU officials say, will help clarify roles and responsibilities, and facilitate better teamwork - the lack of which under the old system was stressed by Moran in its report. To help push the process forward, OU will be reviving and reorganizing its IT Leadership Council, to bring more university groups into IT-related decisions. Other points made in the Moran report were that OU has been cutting its IT workforce and not adequately training the workers it has. Sams said Friday that the new plan will turn that situation around. "That's what we're reversing," he said. He also promised "a complete review of job descriptions, so we are sure we've got people in the right jobs," and added, "we're going to have to do a lot more in training." Sams estimated that this training and analysis effort, plus some new hires, will cost "somewhere in the $1 million range... I'm looking at 15 people being added to the organization." KRENDL AND SAMS provided little information in response to one reporter's question about whether there might be a place in the new structure for Acheson and Reid, saying only that the cases of the two IT officials are still under consideration. An attorney for Acheson said Friday that his client remains in the dark about his status with OU, following a disciplinary meeting with Sams. "We have not heard anything," reported attorney Fred Gittes. Gittes said he has been sending testimonials to OU from numerous people who have worked with Acheson, disputing the Moran report's portrayal of him as an abrasive person who is difficult to work with and ignores co-worker input. "I've been sending in statements in support of Todd practically every day," he said. Gittes slammed the report, noting that it was only released with a number of sections redacted, and alleging that even as it stands in its public version, it contains "absolutely, provably false" statements and is "sloppy, full of incorrect statements, and contradicted by some of OU's own prestigious faculty members." He also criticized the consultant for destroying its notes used to compile the report. "We believe that was illegal," he said. ON THE QUESTION of how big an impact the restructuring will have on day-to-day computer use by students and staff Sams held out hope that the switch will be painless. "If we do our job right, they almost shouldn't notice," he said. Krendl was asked how the bad publicity surrounding the security breaches - which has triggered hundreds of e-mails from alumni, some of them angry, as well as a class-action lawsuit - has affected alumni giving. "In the history of the institution, this has been our third best year (for fundraising)," she responded. "It's been an excellent year for us." Krendl added that university fundraisers "did back off a bit" in their soliciting after the news of the hacking incidents came out. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Aug 01 2006 - 01:57:42 PDT