http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9023219
By Jaikumar Vijayan
June 05, 2007
Computerworld
Ohio University last week announced the creation of a new Information
Technology Advisory Council that will contribute to its ongoing efforts
to revamp data security following a series of high-profile computer
intrusions at the university last year.
The advisory council will include representatives from faculty,
staffers, students, IT professionals and executive leadership at the
university. Its mission is to provide guidance for IT policies and
processes, review and prioritize proposals for new IT services, and
recommend IT-related funding requests from the university, a university
statement said.
In addition, the council will help develop a mission statement and
strategic plan for central IT and oversee an annual process for
measuring the effectiveness of central IT, the statement said.
The creation of the committee builds on measures the university is
taking to fortify IT security, said Brice Bible, who took over as the
CIO at Ohio University in April.
"This presents a great opportunity for each of the university's
constituents to have a formal voice in IT direction," Bible said. "The
council will allow [the central IT organization] to have a two-way
conversation" with all of the stakeholders across the university, he
added.
Ohio University's move to establish the advisory council is the latest in
a series of steps that the institution has taken in response to the
discovery of five separate data breaches involving its systems in a
two-month period, starting in April of last year. The breaches included
one that resulted in the exposure of personal data belonging to 137,000
alumni, and another that involved the compromise of a server containing
personal data on 60,000 current and former students as well as some
faculty and staff.
The incidents prompted the resignation of the university's CIO, William
Sams, and the firing of two senior IT executives. They also triggered a
wide-ranging overhaul of the university's IT infrastructure and
strategies, including a 20-step plan for improving information security.
Much of the work on the technology front has already been accomplished
or is in the process of being implemented, Bible said. For instance, he
said, the university has deployed new perimeter firewall and network
intrusion-detection and -prevention systems.
Measures have also been taken to eliminate the use of Social Security
numbers on student and employee identification cards, he said. Starting
June 18, all students and employees will be issued new ID cards without
Social Security numbers, he said.
An effort is also under way to identify systems containing sensitive
data across the university and find ways to minimize that data. The
new advisory council will play a part in helping to vet a new data
classification policy that is being rolled out across the university by
the central IT department, Bible said.
"We are making significant progress at the foundational level," Bible
said. He said that more work remains to be done in areas such as user
education and security awareness training -- issues that the new council
is designed to address.
Expect also to see the council play a significant role in an evolving
effort to centralize more of the university's distributed IT operations,
Bible said. The central IT organization that Bible heads is currently
working with the separate IT groups at the university's College of Arts
and Sciences, the College of Engineering and the Finance &
Administration area. Bible said that the effort is to find areas where
some IT functions can be managed by a core central IT group.
"There is a strong buy-in from university leaders about the need to
rightsize the balance between distributed and centralized IT," Bible
said. "We are beginning to develop a rightsize model, and we will use
those two colleges and the one service unit to prototype it," he added;
if successful, the same model will be rolled out universitywide.