This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-236995031-1193991519=:20240
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.thepost.ohiou.edu/Articles/News/2007/11/02/22069/ 

By David Hendricks
Staff Writer
November 2, 2007

Ohio University agreed Monday to allow two former information technology 
employees to keep sensitive documents inadvertently given away by 
university lawyers.

University lawyers filed a motion Oct. 5 asking that Tom Reid and Todd 
Acheson return drafts and notes used to prepare a consultant=E2=80=99s 
closely-guarded report commissioned after five university servers were 
hacked in spring 2006.

In their October motion, university lawyers cautioned that release of 
the documents could expose the university to further damage. Fred 
Gittes, Acheson=E2=80=99s lawyer, said that the notes and drafts in question 
will be used solely for the case and may be returned upon its 
completion.

The report, prepared using the documents, recommended that the 
university fire both men, then senior Information

Technology managers. The university has maintained in court filings that 
the report was not the reason for Read and Acheson=E2=80=99s termination.

Moran Consulting of Naperville, Ill., released the report in June 2006. 
The university distributed a redacted copy =E2=80=94 in which sensitive 
information was removed =E2=80=94 to Reid and Acheson after they requested it.

Reid and Acheson, who as senior IT employees already had detailed 
knowledge of the university=E2=80=99s network security, asked to see the full 
report. The university, anxious about further exposing its data, asked 
that both men sign non-disclosure agreements before viewing the report.

They declined and filed a lawsuit seeking release of the un-redacted 
report and related documents.

Reid has said repeatedly that the redaction in the Moran report is too 
broad and violates Ohio Revised Code. A university spokeswoman said she 
could not comment on the case, as it is ongoing.

The FBI is still investigating the server security breaches, which 
exposed credit card numbers, tax forms, Social Security numbers, alumni 
donor records and medical records of people associated with the 
university to hackers.

After the security problems, the university=E2=80=99s chief information officer 
stepped down and the university paid $357,775 to another consultant for 
a report on its IT services. The executive summary of that report warned 
the university=E2=80=99s IT services are severely underfunded and understaffed.

In April, after two searches, the university hired Brice Bible as its 
new CIO and made his position cabinet-level. Bible hired a new director 
of information security this year and is working on a five-year plan for 
the department, now called the Office of Information Technology.

Drafts of the university=E2=80=99s five-year financial plan allot $6.35 million 
to =E2=80=9Cprovide a dependable and secure network and systems infrastructure.=E2=80=9D


--1457021584-236995031-1193991519=:20240
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com 

--1457021584-236995031-1193991519=:20240--