Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSN Conversion

From: Aaron Lafferty <lafferty () OAR NET>
Date: Wed, 22 Mar 2006 11:01:48 -0500
Hello,

Tough choice, I think I would probably go with the secure website.
Primarily because you could control and audit access much more easily
with a centrally available solution that with handing out physical
media.  There is a serious danger that at least one person will lose
the CD media (which could be somewhat mitigated by encrypting the
data on it), and absolutely no audit ability.

Thanks
Aaron

On Mar 22, 2006, at 10:41 AM, Chad McDonald wrote:




We are looking strongly at 2 scenarios:
Provide a file with SSN and New ID (no other information at all
would be in
the file) for administrators of ad hoc databases & spreadsheets.
This would
be accompanied by user education as well.  The file would be on
CD.  CD's
would be numbered and signed for with agreement not to duplicate or
communicate data in any fashion.  Once conversion is complete, CD's
would be
retrieved.

OR

Create a secure website for individual SSN / ID lookups.

Do you see major security concerns with either approach, given that
we have
to accommodate these administrators?


Chad McDonald, CISSP
Previous By Date Next
Previous By Thread Next

Current thread: