Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Value of Protecting "Public" Data ?

From: "Carr, Michael G" <michael.carr () UKY EDU>
Date: Mon, 30 Jan 2012 12:31:47 -0500
While sunshine laws may determine that certain (or many) data elements are "public", data stewards still have an 
obligation to ensure that this "public" data has integrity and, accordingly, is only created, changed, or deleted by 
authorized persons.

Insofar as determining the value of this data and the amount of resources one is willing to invest to protect the data, 
security is a business decision and much would depend on the cost to reproduce or restore, possible negative impact to 
reputation if a system full of "public" data is compromised, and impact to the business if this "public" data were to 
become unavailable (for some period.)

Mike

--------------------------------------------------------
Michael G. Carr, JD, CISSP, CIPP
Chief Information Security Officer
The University of Kentucky
122 James F. Hardymon Bldg
Lexington  KY  40506-0495
Desk: (859) 218-0306
Michael.Carr () UKy edu 

 www.educause.edu/policy/dataprivacy 

Security/Privacy Tip: YouTube video on securing your smartphone; Google Search: "youtube privacy now TV Secure 
Smartphone"

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Mclaughlin, Kevin (mclaugkl)
Sent: Monday, January 30, 2012 12:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available Now (until Jan. 30)!

But now among my peers I have to take this into a different arena and into an area that is a pet peeve of mine. I won't 
say what my belief on what I am saying is just yet but here's the question:

As Information Security professionals we classify data - from our professional viewpoint is data that is classified as 
public really worth anything? Would we encourage the expenditure of funds to protect it?

- Kevin


Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified Chief Information Security Officer 
(CISO) & Assistant Vice President Administration & Finance TEWG-Region 6 TLO
University of Cincinnati
513-556-9177
 
Previous By Date Next
Previous By Thread Next

Current thread: