From: InfoSec News (alertsinfosecnews.org)
Date: Mon Oct 01 2007 - 03:33:10 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://thepost.baker.ohiou.edu/Articles/News/2007/09/28/21463/

By David Hendricks
Staff Writer
September 28, 2007

Ohio University is trying to turn negative media attention over its
computer security problems into an opportunity for change, said its
chief information officer.

CIO Brice Bible said that his office, which a consultant reported last
spring was historically underfunded and understaffed, has made immediate
fixes and is preparing a long-term plan.

Security improvements, proactive hiring for vacant positions, a status
update on the university’s crackdown on file-sharing and proposed
infrastructure upgrades are part of a five-year plan Bible outlined to
university trustees at the Academics Committee meeting yesterday.

OU’s Hudson Health Center, which was forced to revert to a paper
record-keeping system after one of its servers was hacked into last
year, went back online earlier this month.

Office of Information Technology staff configured and installed six new
firewalls to protect the university’s data center. Computers that store
sensitive data will receive additional firewalls of their own, according
to a packet distributed to board members.

During the summer, OIT stopped routinely using Social Security numbers —
a key piece of information for identity thieves — at Alden Library and
Ping Center. It also replaced university ID cards, which contained
unencrypted SSNs and student names.

Bible hired a new director of Information Security, who began work this
month and expanded the university’s security team to five members.

Though he said his hiring plan is behind schedule, Bible expects to fill
eight more critical positions before the end of the year. Those include
a director of Systems and Operations, firewall administrators, a
security analyst and director of Customer Services.

“If you followed the traditional way of recruiting … it’s very hit or
miss,” Bible said, adding that he’s tried to be proactive about filling
open positions through a contract with job search Web site
www.monster.com and by meeting with job candidates at higher education
conferences.

Bible’s presentation also included plans to upgrade the speed and
reliability of the university network by replacing outdated hardware.
OIT will also review its data center’s heating, cooling and electrical
systems, according to a packet distributed to board members.

After his presentation to the committee, Bible spoke about the
university’s crackdown on file-sharing.

The Recording Industry Association of America announced in February that
it had sent more file- sharing complaints to OU than any other
university in the nation. It followed up in Winter and Spring Quarters
by identifying 100 computers on the OU network that were sharing music
and threatened to sue their owners.

The university responded by reiterating its stance against illegal
file-sharing and purchased software to identify file-sharers on its
network.

Bible said that last week he was contacted by an RIAA representative who
sought to use OU as an example of how to deal with piracy. Bible said
the woman told him that if a similar list were released today OU
wouldn’t place in the top 100 schools, but the list was still “very
unofficial.”

The RIAA confirmed that it had contacted OU and said it would release an
official list of top recipients of piracy notifications later this year.

__________________________________________________________________
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]