Re: Article: "21st century university campuses: a haven for hackers and data thieves?"

[Daniel R Jones <Dan.Jones () COLORADO EDU>]

Another factor that does not get addressed is the actuall number of
impacted individuals.  Interestingly if you use the list from
Privacyrights.org
(http://www.privacyrights.org/ar/ChronDataBreaches.htm) the percentage
for education is higher (34% plus another 6% for university hospitals)
than the Choicepoint numbers.  

Commercial                      23%      41     
Education                       34%      61     
Federal                 4%       7      
Financial                       14%      26     
Health Care                     7%       12     
Non Profit                      3%       5      
State and Local         10%      19     
Education & Health Care  6%      10     
Total                                   181     

However, when you look at the actual numbers financial is must higher
followed by government.

Commercial                      4%       3793580        
Education                       2%       2084345        
Federal                 29%      27171550       
Financial                       52%      47972173       
Health Care                     1%       865100 
Non Profit                      2%       1398000        
State and Local         10%      9457947        
Education & Health Care  0%      180901 
Total                                    92923596       

I would also argue that Higher Ed has been much better at reporting than
other segments (okay I'm biased here).  A large question which can't
really be answered is the number of potential exposures (e.g., a lost
laptop) vs known exposures (e.g., dishonest employees or credit card
fraud).

Regards,

Dan

Information Technology Services
University of Colorado at Boulder

> -----Original Message-----
> From: Brad Judy [mailto:Brad.Judy () COLORADO EDU] 
> Sent: Friday, June 09, 2006 10:52 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Article: "21st century university 
> campuses: a haven for hackers and data thieves?"
>
> Here's a brief article from Ars Technica on data theft in 
> higher education.  For those not familiar, Ars is a general 
> website for tech geeks, but the owner is in academics, so 
> there are more frequently articles on higher education than 
> other tech websites.  
>
> This recent article raises the issue of identity data theft in higher
> education:
>
> http://arstechnica.com/news.ars/post/20060607-7012.html
>
> While the quote from an IT admin at the end is rather 
> anecdotal, I did find the discussion interesting, 
> particularly this comment by
> "Semiapies":
>
> "I'll note that the "Part of the reason for this is the fact 
> that universities, by their very nature, tend to be centers 
> where openness of information is encouraged, and convenience 
> of access to this information is seen as a positive thing" 
> bit has precisely jack to do with slapdash security when it 
> comes to students' personal information kept by a school. 
> It's a non sequitor - you might as well try to blame dorm 
> burglaries on the need to have the university library open all day."
>
> While the quote misses the correlation between security and 
> historic open network architectures in higher education, it's 
> quite valid.  
>
> A follow-up on the discussion by "Cretion" also hits this point:
>
> "The problem is simply properly securing sensitive 
> information. Just because a community is more open doesn't 
> mean that information is more accessible. If anything, it 
> shows schools are rather behind the curve on proper security 
> because that just costs more money. I don't know many schools 
> that have a proper staff of technical people, and hence, you 
> get security problems, but not because of a desire to be open."
>
> While the article and discussion aren't any revelations to 
> this group, I found it interesting to see some thoughtful 
> posts in the discussion.  
>
> Brad Judy
>
> Information Technology Services
> University of Colorado at Boulder