CrYpTiC MauleR wrote:
Already 2 school breaches on the news this week and my school will soon be
added to the ever growing list, is this a trend? I mean how hard is it to
protect some data. Allocate all the sensitive data on a select few servers
and harden the hell out of them. Do these schools have info scattered
around on various servers and sites and don't know what is where? I mean
Jesus Christ just this week 477,000 personal records have been possibly
breached. Does anyone know of any federal law being made or in discussion
to prevent these from being an everyday thing and enforcing policies like
California has?
Many universities do not have a central IT organization running every computer
on campus as you would in a commercial enterprise. They have a decentralized
model where each school, department, or research group runs their computers.
In addition, you have many students, faculty, and staff with personally owned
laptops that they take care of (or not) themselves. So you have many little
fiefdoms running computers, some with more of a clue than others. The
clueless ones have untrained students running the computers, and most of them
don't know much about security. They're told to setup a computer and put this
data on it so the professor can do his research.
Central entities in universities, like the registrar, should know what they
are doing if they are setting up ways to remotely access information.
Not responding to emails and/or phone calls to the security/abuse/etc group is
irresponsible, if you ask me.
--
Mike Iglesias Email: iglesias@uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
