http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9023219

By Jaikumar Vijayan
June 05, 2007
Computerworld

Ohio University last week announced the creation of a new Information Technology Advisory Council that will contribute to its ongoing efforts to revamp data security following a series of high-profile computer intrusions at the university last year.

The advisory council will include representatives from faculty, staffers, students, IT professionals and executive leadership at the university. Its mission is to provide guidance for IT policies and processes, review and prioritize proposals for new IT services, and recommend IT-related funding requests from the university, a university statement said. In addition, the council will help develop a mission statement and strategic plan for central IT, besides overseeing an annual process for measuring the effectiveness of central IT, the statement said.

The creation of the committee builds on measures the university is taking to fortify IT security, said Brice Bible, who took over as the CIO at Ohio University in April. "This presents a great opportunity for each of the university's constituents to have a formal voice in IT direction," Bible said. "The council will allow [the central IT organization] to have a two-way conversation" with all of the stakeholders across the university, he added.

Ohio University's move to establish the advisory council is the latest in a series of steps that the institution has taken in response to the discovery of five separate data breaches involving its systems in a two-month period, starting in April of last year. The breaches included one that resulted in the exposure of personal data belonging to 137,000 alumni, and another that involved the compromise of a server containing personal data on 60,000 current and former students as well as some faculty and staff.
The incidents prompted the resignation of the university's CIO, William Sams, and the firing of two senior IT executives. They also triggered a wide-ranging overhaul of the university's IT infrastructure and strategies, including a 20-step plan for improving information security.

Much of the work on the technology front has already been accomplished or is in the process of being implemented, Bible said. For instance, he said, the university has deployed new perimeter firewall and network intrusion-detection and -prevention systems. Measures have also been taken to eliminate the use of Social Security numbers on student and employee identification cards, he said. Starting June 18, all students and employees will be issued new ID cards without Social Security numbers, he said.

An effort is also under way to identify systems containing sensitive data across the university and to find ways to minimize that data. The new advisory council will play a part in helping to vet a new data classification policy that is being rolled out across the university by the central IT department, Bible said.

"We are making significant progress at the foundational level," Bible said. He said that more work remains to be done in areas such as user education and security awareness training -- issues that the new council is designed to address.

Expect also to see the council play a significant role in an evolving effort to centralize more of the university's distributed IT operations, Bible said. The central IT organization that Bible heads is currently working with the separate IT groups at the university's College of Arts and Sciences, the College of Engineering and the Finance & Administration area. Bible said that the effort is to find areas where some IT functions can be managed by a core central IT group.

"There is a strong buy-in from university leaders about the need to rightsize the balance between distributed and centralized IT," Bible said.
"We are beginning to develop a rightsize model, and we will use those two colleges and the one service unit to prototype it," he added; if successful, the same model will be rolled out universitywide.