http://www.thepost.ohiou.edu/Articles/News/2007/11/02/22069/ By David Hendricks Staff Writer November 2, 2007 Ohio University agreed Monday to allow two former information technology employees to keep sensitive documents inadvertently given away by university lawyers. University lawyers filed a motion Oct. 5 asking that Tom Reid and Todd Acheson return drafts and notes used to prepare a consultant’s closely-guarded report commissioned after five university servers were hacked in spring 2006. In their October motion, university lawyers cautioned that release of the documents could expose the university to further damage. Fred Gittes, Acheson’s lawyer, said that the notes and drafts in question will be used solely for the case and may be returned upon its completion. The report, prepared using the documents, recommended that the university fire both men, then senior Information Technology managers. The university has maintained in court filings that the report was not the reason for Read and Acheson’s termination. Moran Consulting of Naperville, Ill., released the report in June 2006. The university distributed a redacted copy — in which sensitive information was removed — to Reid and Acheson after they requested it. Reid and Acheson, who as senior IT employees already had detailed knowledge of the university’s network security, asked to see the full report. The university, anxious about further exposing its data, asked that both men sign non-disclosure agreements before viewing the report. They declined and filed a lawsuit seeking release of the un-redacted report and related documents. Reid has said repeatedly that the redaction in the Moran report is too broad and violates Ohio Revised Code. A university spokeswoman said she could not comment on the case, as it is ongoing. The FBI is still investigating the server security breaches, which exposed credit card numbers, tax forms, Social Security numbers, alumni donor records and medical records of people associated with the university to hackers. After the security problems, the university’s chief information officer stepped down and the university paid $357,775 to another consultant for a report on its IT services. The executive summary of that report warned the university’s IT services are severely underfunded and understaffed. In April, after two searches, the university hired Brice Bible as its new CIO and made his position cabinet-level. Bible hired a new director of information security this year and is working on a five-year plan for the department, now called the Office of Information Technology. Drafts of the university’s five-year financial plan allot $6.35 million to “provide a dependable and secure network and systems infrastructure.” __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Fri Nov 02 2007 - 00:41:57 PST