Interesting People mailing list archives
more on Hacker Hits California University Computer
From: David Farber <dave () farber net>
Date: Wed, 20 Oct 2004 17:57:10 -0400
Begin forwarded message: From: Joseph Lorenzo Hall <joehall () gmail com> Date: October 20, 2004 5:29:34 PM EDTTo: Dave Farber <dave () farber net>, Ross Stapleton-Gray <ross () stapleton-gray com>
Subject: Re: [IP] more on Hacker Hits California University Computer Reply-To: joehall () pobox com (this is probably interesting enough for IP!)On Wed, 20 Oct 2004 16:11:37 -0400, David Farber <dave () farber net> wrote:
I was rather disappointed by how UC chose to implement policy amendments to respond to the changes in the law; so far as I saw they consisted largely of putting a patch on the existing security policy, when a more appropriate response, from my perspective, should have been to salvage an existing *records* policy that had seen years and years of neglect.
Let me (unofficially) respond to this being the grad. student on the leading technology committee on campus - the eBerkeley Steering Committee (eBSC)[1]. There has been much movement in the policy space on campus with respect to security (as Mr. Stapleton-Gray notes) and data stewardship (which Mr. Stapleton-Gray may not be aware of). Specifically, a policy - the Data Management and Use Policy[2] - was almost passed by our committee last year after two years in development; this policy would have mandated various steps in data stewardship across campus (data dictionaries, data stewardship roles, etc.). However, a few faculty members, other graduate students and myself saw the policy in that state as highly flawed (no interpretive documentation, statements about "owning" all data on campus across all media, etc.) partially because it had "stewed" amongst a small group of policymakers for two years. So, what happened to this policy and the process? We (the eBSC) decided to send it through the faculty senate for vetting. As you can imagine, sending a policy through the faculty senate is a time-consuming process but we are confident that a lot of the aspects of the policy that were particularly bad and short-sighted will be ironed out by the UC Berkeley faculty. Would this policy itself had made a difference? That's hard to say. We'll have to wait for more information on the nature of the attack. This is something that could happen (and has happened) to other universities... and getting PIs from many many disciplinary backgrounds to understand that they can't, for example, take large amounts of sensitive data home on their laptop, is not easy. [1] http://ebsc.berkeley.edu/ [2] http://datasteward.berkeley.edu/ Joe -- Joseph Lorenzo Hall UC Berkeley, SIMS PhD Student http://pobox.com/~joehall/ blog: http://pobox.com/~joehall/nqb2/ ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Hacker Hits California University Computer David Farber (Oct 20)