Cybersecurity. Convenience.
scare off donors, alienate alumni and make applicants hesitant.

Networks and servers taken offline following an incident interrupt business operations. Hundreds of employees can be idled waiting for computer access. Sometimes students who need access to learning management systems or library resources, especially during an exam period, are at risk for failing grades.

The hard costs of repairing relationships can be expensive. After a data breach, paying for 50,000 credit reports for alumni, even at the group rate of $20 each, would cost $1 million. The IT staff time diverted from productive work to tracking, analyzing and repairing damage costs money. Hundreds of hours quickly add up to thousands of dollars. Avoiding a public relations gaffe is expensive when you add together the cost of system administrators, attorneys and outside PR counsel.

Sometimes data is not stolen, it is destroyed or corrupted. On purpose or by accident. Institutions may be liable for the cost of replicating research or for opportunity losses incurred by a grantor or contractor expecting to go to market with a new product.

Corporations have paid millions of dollars in fines for failing to comply with an alphabet soup of regulations, including PCI, HIPAA, FISMA, SOX and NERC. So far campuses have been spared. That may not always be so. The Senate Judiciary Committee approved legislation authored by chairman Patrick Leahy (D-Vt.) that would require entities to report personal data theft to those individuals and to law enforcement, and make concealment a crime.

What to do.

Data security is everyone’s business. Campuses pride themselves on open access and academic freedom. Regardless, openness cannot come at any cost. Students and academicians, alike, must understand that for their own protection—as well as that of the institution—there must be policies and procedures in place to regulate access to and use of confidential data.

Many institutions are ramping up enterprise risk management (ERM) plans. Palo Alto’s King believes that policy for such plans must originate at the highest level of an organization. “It should not be placed on the shoulders of the IT department,” he warns. “They are not equipped to make risk management decisions.” Margaret Tungseth, president of the University Risk Management and Insurance Association (URMIA) and risk management director at Concordia College, urges campuses to make sure a risk manager is at the table when preparing for or reacting to a cyber (or any other type of) threat to see beyond the nitty gritty of a particular incident and get a perspective from the 40,000 foot level.

Sheldon Malm cautions risk managers and IT administrators to be wary of software vendors and consultants who purport to protect everything. “If you don’t question, the industry will let you believe.”

Virginia Rezmierski sees a potential IT career path problem. “It is not uncommon for administrative assistants who are ‘good with computers’ to end up as system administrators” managing more than their skills, training or experience justify.

Frank Vinik reminds risk managers to know what their insurance covers. Personal information and intellectual property theft is not like other property and casualty perils. Tungseth says Concordia carries insurance on things like internet media liability and cyber extortion as part of a bundle of security coverages; but it is difficult to establish what loss levels to insure against.

All the experts point out that user bad habits are a significant factor. Education is essential to increase awareness and to change risky behavior. Don’t use one password for everything. Don’t open unknown links and attachments. Encrypt and password-protect sensitive data. Use caution when on unsecured wireless networks. Don’t give out personal information readily.

People cited in this article
• Chris King, director of product marketing, Palo Alto Networks
• Virginia Rezmierski, director of policy development and education, University of Michigan
• Sheldon Malm, senior director of security strategy, Rapid7
• Frank Vinik, United Educators
• Margaret Tungseth, president, United Risk Management and Insurance Association and risk manager, Concordia College

A security planning primer

Before you can protect your information assets, you must know what information needs protecting.
• What data you have
• Where it resides
• Who is accessing your data
• When users are accessing it
• How users are accessing it

Develop policies and procedures to manage data security. Many progressive institutions are adapting an approach called Public Key Infrastructure or PKI. It duplicates for electronic transactions what old-fashioned face-to-face interaction used to do, with five necessary components:
• Identification
• Authorization
• Data security
• Confidentiality
• Non-repudiation

Adopt PCI as a minimal standard. The PCI Security Standards Council is an open global forum founded by American Express, Discover, JCB International, MasterCard and Visa. While initially designed for financial service companies, its security standards are applicable to all account data protection.

Take advantage of the latest technology to:
• Encrypt data on the network
• Encrypt data at the “end point”—laptops, key drives, CDs, etc.
• Proactively scan for vulnerabilities
• Patch and repair
• Rescan
• Document for compliance

Continue with something colleges should be good at: educate, educate, educate.

26 Today’s Campus. Subscribe at no charge at www.todayscampus.com