By Yoshi Myers
Feb 15 2008
University administrators are in the primary stages of creating a task
force that will look into how to enhance information security after the
suspected theft of an external hard drive six weeks ago potentially
exposed the Social Security numbers of 38,000 students, alumni, faculty
The 100-member task force will consist of University Information
Services personnel and leaders from the universitys three campuses,
along with those familiar with specific data in areas including finance,
human resources, student information and research, the UIS release said.
Additionally, the release stated that Senior Vice President Spiros
Dimolitsas and David Lambert, vice president and chief information
officer for University Information Services, will co-chair a steering
committee to prioritize the focus and coordinate the organizational
structure of the task force.
The missing external hard drive, which was located on the fifth floor of
the Leavey Center, contains the information of students, faculty and
staff from 1998-2006, including 7,700 of students currently at
Georgetown University and 25,000 of alumni. The hard drive, which was
reported stolen on Jan. 3, had been used to back up a computer that
contained billing information for student services including student
health insurance and activities fees.
University Spokesperson Julie Bataille said the task force will work on
a plan that would limit the universitys usage and storage of
confidential data. She said that the task force will also consider how
to ensure that the information is appropriately protected when it is
necessary to perform critical academic, business or research functions.
?The effort is designed to intensify the data security protections
University Information Services was already implementing prior to the
recent data security breach, Bataille said. She would not specify what
security measures will be reinforced.
Bataille said that in 1999, the university began implementing GOCard
numbers and NetIDs as primary means of identification.
In addition to implementing the task force proposal, University
Information Services also plans to teach individuals how to secure data
on laptops, personal digital assistants, USB keys and attached hard
drives, Lambert said in the release.
University Information Services also plans to advise university offices
on purchasing secure laptops and change its data-storage procedures so
that sensitive personal information exists on hosts rather than on
individual hard drives.
According to Bataille, Dimolitsas has released a list of information
security responsibilities to university faculty and staff.
Dimolitsas and Lambert could not be reached for comment.
Subscribe to InfoSec News