[ISN] Audit calls on UW System to protect IT data

From: InfoSec News (alerts@private)
Date: Wed Apr 09 2008 - 01:09:45 PDT


http://www.dailycardinal.com/article/2629

By Charles Brace
The Daily Cardinal 
April 8, 2008

Many UW System colleges lack the personnel or policies to protect their 
computer networks against hackers, though progress has been made in 
recent years.

Several UW System schools still need better-defined policies to protect 
sensitive data against computer security breaches, an April 4 audit 
said.

The audit said UW System schools must create policies on what kind of 
data needs more protection and must perform periodic checks on 
vulnerabilities in computer networks.

Other necessary improvements include campuses hiring a full-time 
information security officer and formalizing a response to security 
breaches, according to the audit.

UW-Madison, UW-Milwaukee and UW-Whitewater are the only UW System 
schools that currently have a full-time information security officer, 
the audit said.

The audit said security breaches often cause significant financial 
problems for colleges, with lost data forcing universities to pay 
insurance costs for affected employees. It said breaches would cost $90 
to $100 per affected record in incidents that might involve tens of 
thousands of records.

Computer security breaches affected more than 4.7 million students and 
staff around the United States from 2005-.07, according to the audit.

UW System spokesperson David Giroux said the audit would be reported to 
the Board of Regents at its Thursday or Friday meeting. He said it would 
not be a contentious issue for discussion, as the incidents in the audit 
have been previously reported.

Brian Rust, communications manager for the Division of Information 
Technology, said UW-Madison currently performs checks on the campus 
networks by using the same scanning maneuvers as hackers.

Rust said if a computer or departmental network is found to have a 
vulnerability, then it is disconnected from the main campus network 
until the problem is solved to eliminate the risk.

He said the security checks need constant updates because hackers are 
continually improving their methods, similar to burglars.

.If you are trying to break into a home, the stronger the locks get, you 
have to employ different methods to get around [them],. Rust said.

Jim Lowe, chief information security officer on campus, said officials 
are focused on protecting restricted data like health insurance 
information and other data hackers would use for identity theft.

Campus officials must protect certain types of data because of federal 
laws like the Health Insurance Portability and Accountability Act, Lowe 
said.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Wed Apr 09 2008 - 01:22:29 PDT