Educause Security Discussion mailing list archives
Re: Article: "21st century university campuses: a haven for hackers and data thieves?"
From: Daniel R Jones <Dan.Jones () COLORADO EDU>
Date: Fri, 9 Jun 2006 11:46:29 -0600
Another factor that does not get addressed is the actuall number of impacted individuals. Interestingly if you use the list from Privacyrights.org (http://www.privacyrights.org/ar/ChronDataBreaches.htm) the percentage for education is higher (34% plus another 6% for university hospitals) than the Choicepoint numbers. Commercial 23% 41 Education 34% 61 Federal 4% 7 Financial 14% 26 Health Care 7% 12 Non Profit 3% 5 State and Local 10% 19 Education & Health Care 6% 10 Total 181 However, when you look at the actual numbers financial is must higher followed by government. Commercial 4% 3793580 Education 2% 2084345 Federal 29% 27171550 Financial 52% 47972173 Health Care 1% 865100 Non Profit 2% 1398000 State and Local 10% 9457947 Education & Health Care 0% 180901 Total 92923596 I would also argue that Higher Ed has been much better at reporting than other segments (okay I'm biased here). A large question which can't really be answered is the number of potential exposures (e.g., a lost laptop) vs known exposures (e.g., dishonest employees or credit card fraud). Regards, Dan Information Technology Services University of Colorado at Boulder
-----Original Message----- From: Brad Judy [mailto:Brad.Judy () COLORADO EDU] Sent: Friday, June 09, 2006 10:52 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Article: "21st century university campuses: a haven for hackers and data thieves?" Here's a brief article from Ars Technica on data theft in higher education. For those not familiar, Ars is a general website for tech geeks, but the owner is in academics, so there are more frequently articles on higher education than other tech websites. This recent article raises the issue of identity data theft in higher education: http://arstechnica.com/news.ars/post/20060607-7012.html While the quote from an IT admin at the end is rather anecdotal, I did find the discussion interesting, particularly this comment by "Semiapies": "I'll note that the "Part of the reason for this is the fact that universities, by their very nature, tend to be centers where openness of information is encouraged, and convenience of access to this information is seen as a positive thing" bit has precisely jack to do with slapdash security when it comes to students' personal information kept by a school. It's a non sequitor - you might as well try to blame dorm burglaries on the need to have the university library open all day." While the quote misses the correlation between security and historic open network architectures in higher education, it's quite valid. A follow-up on the discussion by "Cretion" also hits this point: "The problem is simply properly securing sensitive information. Just because a community is more open doesn't mean that information is more accessible. If anything, it shows schools are rather behind the curve on proper security because that just costs more money. I don't know many schools that have a proper staff of technical people, and hence, you get security problems, but not because of a desire to be open." While the article and discussion aren't any revelations to this group, I found it interesting to see some thoughtful posts in the discussion. Brad Judy Information Technology Services University of Colorado at Boulder
Current thread:
- Re: Article: "21st century university campuses: a haven for hackers and data thieves?" Daniel R Jones (Jun 09)