AOH :: ISN-2801.HTM

OU overhauls information-technology system in wake of




OU overhauls information-technology system in wake of
OU overhauls information-technology system in wake of



http://www.athensnews.com/issue/article.php3?story_id=25525 

By Jim Phillips
Athens NEWS Senior Writer
2006-07-31

Ohio University officials provided some more details Friday on an 
expensive and ambitious overhaul of OU's information technology (IT)  
system that's now in the works.

The restructuring, which was recommended by a consultant after OU suffered 
a series of major computer security breaches, will do away with OU's two 
main computer-related departments, Communication Network Service and 
Computer Services, to create what OU officials are calling a "unified IT 
structure" for the university.

"CNS and CS... no longer exist," announced OU Chief Information Officer 
William Sams, who has said he'll be stepping down from that post as part 
of the restructuring.

Sams and Provost Kathy Krendl rolled out the 20-point "blueprint for 
building a world-class IT function at Ohio University" at the Friday press 
conference, which was attended in person or via conference call by 
reporters from state and local media outlets, as well as publications such 
as the Chronicle of Higher Education and Computer World.

Sams has estimated that implementing the plan will take from $3 million to 
$5.5 million in one-time costs, plus $2.5 million in annual ongoing 
expenses.

The OU Trustees have already said they'll allocate $4 million for the 
project, and Sams said all or part of the rest can possibly be found 
within the existing university-wide IT budget.

OU hired the Illinois-based Moran Technology Consultants, Inc. to 
investigate its IT setup after the university discovered a series of 
computer security breaches in which hackers gained access to personal 
information, including Social Security numbers, on tens of thousands of 
students, alumni, donors and subcontractors.

A report by the consultant found major fault with CNS for what the report 
called its insular, uncooperative "silo culture." Two IT officials 
criticized in the report, CNS Director Tom Reid and CNS Unix Systems 
Director Todd Acheson, were suspended after its release, and now face 
possible termination.

AMONG THE FEATURES of the plan previewed Friday, OU plans to:

* implement a "perimeter firewall" to filter Internet traffic and protect 
  OU computers outside the central cluster from hacking;

* reduce its use of Social Security numbers for identifier purposes, and 
  encrypt the Social Security numbers it continues to use; and

* classify its data by the level of security needed in its protection.

The overall restructuring of its IT sector, OU officials say, will help 
clarify roles and responsibilities, and facilitate better teamwork - the 
lack of which under the old system was stressed by Moran in its report.

To help push the process forward, OU will be reviving and reorganizing its 
IT Leadership Council, to bring more university groups into IT-related 
decisions.

Other points made in the Moran report were that OU has been cutting its IT 
workforce and not adequately training the workers it has. Sams said Friday 
that the new plan will turn that situation around.

"That's what we're reversing," he said. He also promised "a complete 
review of job descriptions, so we are sure we've got people in the right 
jobs," and added, "we're going to have to do a lot more in training."

Sams estimated that this training and analysis effort, plus some new 
hires, will cost "somewhere in the $1 million range... I'm looking at 15 
people being added to the organization."

KRENDL AND SAMS provided little information in response to one reporter's 
question about whether there might be a place in the new structure for 
Acheson and Reid, saying only that the cases of the two IT officials are 
still under consideration.

An attorney for Acheson said Friday that his client remains in the dark 
about his status with OU, following a disciplinary meeting with Sams.

"We have not heard anything," reported attorney Fred Gittes.

Gittes said he has been sending testimonials to OU from numerous people 
who have worked with Acheson, disputing the Moran report's portrayal of 
him as an abrasive person who is difficult to work with and ignores 
co-worker input.

"I've been sending in statements in support of Todd practically every 
day," he said.

Gittes slammed the report, noting that it was only released with a number 
of sections redacted, and alleging that even as it stands in its public 
version, it contains "absolutely, provably false"  statements and is 
"sloppy, full of incorrect statements, and contradicted by some of OU's 
own prestigious faculty members."

He also criticized the consultant for destroying its notes used to compile 
the report. "We believe that was illegal," he said.

ON THE QUESTION of how big an impact the restructuring will have on 
day-to-day computer use by students and staff Sams held out hope that the 
switch will be painless.

"If we do our job right, they almost shouldn't notice," he said.

Krendl was asked how the bad publicity surrounding the security breaches - 
which has triggered hundreds of e-mails from alumni, some of them angry, 
as well as a class-action lawsuit - has affected alumni giving.

"In the history of the institution, this has been our third best year (for 
fundraising)," she responded. "It's been an excellent year for us."

Krendl added that university fundraisers "did back off a bit" in their 
soliciting after the news of the hacking incidents came out.


_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods