Educause Security Discussion mailing list archives
Re: Marketscore and Higher Ed
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Fri, 7 Jan 2005 11:42:09 -0500
Just for the record, I contacted the GC office at Ernst & Young when we first started looking into Marketscore. They have certified that the connection between the client computer and the Marketscore servers meet the requirements for their WebTrust logo. They had no official comment on what the MarketScore company was doing, since that was not what they were asked to check on. They basically certified that when you "sign up" for the MarketScore service, your data is safe. Joel Rosenblatt Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel --On Friday, January 07, 2005 10:29 AM -0600 Theresa Semmens <theresa.semmens () NDSU NODAK EDU> wrote:
Mike, are you going to request a formal written statement from Marketscore that states it is doing everything in your best interests to protect the university data you are responsible for? While it may look like they are meeting industry standards in privacy protection, I am not comfortable with any public, sensitive, intellectual, confidential university data traveling through any third party server for which I have no specific formal written guarantee stating that it is doing everything within all federal laws and regulations to protect the information it gleans. HIPAA requires a Business Associate Agreement. Are you going to request one from them? I know I'm reaching a bit far here, but I think it's important to make such a point. Theresa Semmens IT Security Officer North Dakota State University IACC 210C Ph: 701-231-5870 E-mail: theresa.semmens () ndsu nodak edu -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Wiseman Sent: Friday, January 07, 2005 10:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Marketscore and Higher Ed I did a little investigation (well, web surfing) of Marketscore's claimed privacy policy which proved to be interesting. On their home page is a WebTrust icon. Following the hyperlink is a report from the WebTrust organization that says Marketscore has met the requirements of their 'WebTrust Online Privacy' assurance service as determined by Ernst & Young. The WebTrust main website http://www.webtrust.org/overview.htm lists four assurance services that they provide: WebTrust Online Privacy, WebTrust Consumer Protection, WebTrust, and WebTrust for Certification Authorities. The latter one turns out to be the main trust requirement that Microsoft specifies for any organization applying to have their root CA cert installed in their products http://www.microsoft.com/technet/security/news/rootcert.mspx#EFAA . I am not familiar with the details of obtaining these approvals or how they compare to each other since I'm not an accountant. But I am beginning to feel assured that the Marketscore is meeting a recognized industry standard in privacy protection. Mike Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Marketscore and Higher Ed Schultz, Stephen (Jan 03)
- <Possible follow-ups>
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 03)
- Re: Marketscore and Higher Ed Stephen D. Franklin (Jan 03)
- Re: Marketscore and Higher Ed Daniel Medina (Jan 03)
- Re: Marketscore and Higher Ed Rodney Petersen (Jan 04)
- Re: Marketscore and Higher Ed David Escalante (Jan 04)
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 07)
- Re: Marketscore and Higher Ed Theresa Semmens (Jan 07)
- Re: Marketscore and Higher Ed Jere Retzer (Jan 07)
- Re: Marketscore and Higher Ed Joel Rosenblatt (Jan 07)
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 07)
- Re: Marketscore and Higher Ed Eric Pancer (Jan 07)
- Re: Marketscore and Higher Ed Jeni Li (Jan 07)
- Re: Marketscore and Higher Ed Theresa Semmens (Jan 07)
- Re: Marketscore and Higher Ed Dick Jacobson (Jan 07)
- Re: Marketscore and Higher Ed John Sherwood (Jan 08)