Educause Security Discussion mailing list archives
Re: Value of Protecting "Public" Data ?
From: "Carr, Michael G" <michael.carr () UKY EDU>
Date: Mon, 30 Jan 2012 12:31:47 -0500
While sunshine laws may determine that certain (or many) data elements are "public", data stewards still have an obligation to ensure that this "public" data has integrity and, accordingly, is only created, changed, or deleted by authorized persons. Insofar as determining the value of this data and the amount of resources one is willing to invest to protect the data, security is a business decision and much would depend on the cost to reproduce or restore, possible negative impact to reputation if a system full of "public" data is compromised, and impact to the business if this "public" data were to become unavailable (for some period.) Mike -------------------------------------------------------- Michael G. Carr, JD, CISSP, CIPP Chief Information Security Officer The University of Kentucky 122 James F. Hardymon Bldg Lexington KY 40506-0495 Desk: (859) 218-0306 Michael.Carr () UKy edu www.educause.edu/policy/dataprivacy Security/Privacy Tip: YouTube video on securing your smartphone; Google Search: "youtube privacy now TV Secure Smartphone" -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin (mclaugkl) Sent: Monday, January 30, 2012 12:21 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available Now (until Jan. 30)! But now among my peers I have to take this into a different arena and into an area that is a pet peeve of mine. I won't say what my belief on what I am saying is just yet but here's the question: As Information Security professionals we classify data - from our professional viewpoint is data that is classified as public really worth anything? Would we encourage the expenditure of funds to protect it? - Kevin Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified Chief Information Security Officer (CISO) & Assistant Vice President Administration & Finance TEWG-Region 6 TLO University of Cincinnati 513-556-9177
Current thread:
- Re: Value of Protecting "Public" Data ? Carr, Michael G (Jan 30)