By Charles Brace
The Daily Cardinal
April 8, 2008
Many UW System colleges lack the personnel or policies to protect their
computer networks against hackers, though progress has been made in
Several UW System schools still need better-defined policies to protect
sensitive data against computer security breaches, an April 4 audit
The audit said UW System schools must create policies on what kind of
data needs more protection and must perform periodic checks on
vulnerabilities in computer networks.
Other necessary improvements include campuses hiring a full-time
information security officer and formalizing a response to security
breaches, according to the audit.
UW-Madison, UW-Milwaukee and UW-Whitewater are the only UW System
schools that currently have a full-time information security officer,
the audit said.
The audit said security breaches often cause significant financial
problems for colleges, with lost data forcing universities to pay
insurance costs for affected employees. It said breaches would cost $90
to $100 per affected record in incidents that might involve tens of
thousands of records.
Computer security breaches affected more than 4.7 million students and
staff around the United States from 2005-.07, according to the audit.
UW System spokesperson David Giroux said the audit would be reported to
the Board of Regents at its Thursday or Friday meeting. He said it would
not be a contentious issue for discussion, as the incidents in the audit
have been previously reported.
Brian Rust, communications manager for the Division of Information
Technology, said UW-Madison currently performs checks on the campus
networks by using the same scanning maneuvers as hackers.
Rust said if a computer or departmental network is found to have a
vulnerability, then it is disconnected from the main campus network
until the problem is solved to eliminate the risk.
He said the security checks need constant updates because hackers are
continually improving their methods, similar to burglars.
.If you are trying to break into a home, the stronger the locks get, you
have to employ different methods to get around [them],. Rust said.
Jim Lowe, chief information security officer on campus, said officials
are focused on protecting restricted data like health insurance
information and other data hackers would use for identity theft.
Campus officials must protect certain types of data because of federal
laws like the Health Insurance Portability and Accountability Act, Lowe
Subscribe to InfoSec News