[ISN] OU boosts IT security

From: InfoSec News (alerts@private)
Date: Mon Oct 01 2007 - 01:33:10 PDT


http://thepost.baker.ohiou.edu/Articles/News/2007/09/28/21463/

By David Hendricks
Staff Writer
September 28, 2007

Ohio University is trying to turn negative media attention over its 
computer security problems into an opportunity for change, said its 
chief information officer.

CIO Brice Bible said that his office, which a consultant reported last 
spring was historically underfunded and understaffed, has made immediate 
fixes and is preparing a long-term plan.

Security improvements, proactive hiring for vacant positions, a status 
update on the university’s crackdown on file-sharing and proposed 
infrastructure upgrades are part of a five-year plan Bible outlined to 
university trustees at the Academics Committee meeting yesterday.

OU’s Hudson Health Center, which was forced to revert to a paper 
record-keeping system after one of its servers was hacked into last 
year, went back online earlier this month.

Office of Information Technology staff configured and installed six new 
firewalls to protect the university’s data center. Computers that store 
sensitive data will receive additional firewalls of their own, according 
to a packet distributed to board members.

During the summer, OIT stopped routinely using Social Security numbers — 
a key piece of information for identity thieves — at Alden Library and 
Ping Center. It also replaced university ID cards, which contained 
unencrypted SSNs and student names.

Bible hired a new director of Information Security, who began work this 
month and expanded the university’s security team to five members.

Though he said his hiring plan is behind schedule, Bible expects to fill 
eight more critical positions before the end of the year. Those include 
a director of Systems and Operations, firewall administrators, a 
security analyst and director of Customer Services.

“If you followed the traditional way of recruiting … it’s very hit or 
miss,” Bible said, adding that he’s tried to be proactive about filling 
open positions through a contract with job search Web site 
www.monster.com and by meeting with job candidates at higher education 
conferences.

Bible’s presentation also included plans to upgrade the speed and 
reliability of the university network by replacing outdated hardware. 
OIT will also review its data center’s heating, cooling and electrical 
systems, according to a packet distributed to board members.

After his presentation to the committee, Bible spoke about the 
university’s crackdown on file-sharing.

The Recording Industry Association of America announced in February that 
it had sent more file- sharing complaints to OU than any other 
university in the nation. It followed up in Winter and Spring Quarters 
by identifying 100 computers on the OU network that were sharing music 
and threatened to sue their owners.

The university responded by reiterating its stance against illegal 
file-sharing and purchased software to identify file-sharers on its 
network.

Bible said that last week he was contacted by an RIAA representative who 
sought to use OU as an example of how to deal with piracy. Bible said 
the woman told him that if a similar list were released today OU 
wouldn’t place in the top 100 schools, but the list was still “very 
unofficial.”

The RIAA confirmed that it had contacted OU and said it would release an 
official list of top recipients of piracy notifications later this year.



__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Mon Oct 01 2007 - 01:51:44 PDT