Educause Security Discussion mailing list archives
Re: SSN Conversion
From: Aaron Lafferty <lafferty () OAR NET>
Date: Wed, 22 Mar 2006 11:01:48 -0500
Hello, Tough choice, I think I would probably go with the secure website. Primarily because you could control and audit access much more easily with a centrally available solution that with handing out physical media. There is a serious danger that at least one person will lose the CD media (which could be somewhat mitigated by encrypting the data on it), and absolutely no audit ability. Thanks Aaron On Mar 22, 2006, at 10:41 AM, Chad McDonald wrote:
We are looking strongly at 2 scenarios: Provide a file with SSN and New ID (no other information at all would be in the file) for administrators of ad hoc databases & spreadsheets. This would be accompanied by user education as well. The file would be on CD. CD's would be numbered and signed for with agreement not to duplicate or communicate data in any fashion. Once conversion is complete, CD's would be retrieved. OR Create a secure website for individual SSN / ID lookups. Do you see major security concerns with either approach, given that we have to accommodate these administrators? Chad McDonald, CISSP
Current thread:
- SSN Conversion Chad McDonald (Mar 22)
- <Possible follow-ups>
- Re: SSN Conversion Aaron Lafferty (Mar 22)
- Re: SSN Conversion Gary Flynn (Mar 22)
- Re: SSN Conversion Buz Dale (Mar 22)
- Re: SSN Conversion Graham Toal (Mar 22)