[ISN] University Pledges to Boost Tech Security

From: InfoSec News (alerts@private)
Date: Tue Feb 19 2008 - 01:00:30 PST


http://www.thehoya.com/node/15379

By Yoshi Myers
The Hoya
Feb 15 2008

University administrators are in the primary stages of creating a task 
force that will look into how to enhance information security after the 
suspected theft of an external hard drive six weeks ago potentially 
exposed the Social Security numbers of 38,000 students, alumni, faculty 
and staff.

The 100-member task force will consist of University Information 
Services personnel and leaders from the universitys three campuses, 
along with those familiar with specific data in areas including finance, 
human resources, student information and research, the UIS release said.

Additionally, the release stated that Senior Vice President Spiros 
Dimolitsas and David Lambert, vice president and chief information 
officer for University Information Services, will co-chair a steering 
committee to prioritize the focus and coordinate the organizational 
structure of the task force.

The missing external hard drive, which was located on the fifth floor of 
the Leavey Center, contains the information of students, faculty and 
staff from 1998-2006, including 7,700 of students currently at 
Georgetown University and 25,000 of alumni. The hard drive, which was 
reported stolen on Jan. 3, had been used to back up a computer that 
contained billing information for student services including student 
health insurance and activities fees.

University Spokesperson Julie Bataille said the task force will work on 
a plan that would limit the universitys usage and storage of 
confidential data. She said that the task force will also consider how 
to ensure that the information is appropriately protected when it is 
necessary to perform critical academic, business or research functions.

?The effort is designed to intensify the data security protections 
University Information Services was already implementing prior to the 
recent data security breach, Bataille said. She would not specify what 
security measures will be reinforced.

Bataille said that in 1999, the university began implementing GOCard 
numbers and NetIDs as primary means of identification.

In addition to implementing the task force proposal, University 
Information Services also plans to teach individuals how to secure data 
on laptops, personal digital assistants, USB keys and attached hard 
drives, Lambert said in the release.

University Information Services also plans to advise university offices 
on purchasing secure laptops and change its data-storage procedures so 
that sensitive personal information exists on hosts rather than on 
individual hard drives.

According to Bataille, Dimolitsas has released a list of information 
security responsibilities to university faculty and staff.

Dimolitsas and Lambert could not be reached for comment.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Feb 19 2008 - 01:08:20 PST