Click here to receive your FREE subscription to Campus Technology
Security Research
Campus Security Report Card: C for Effort
10/29/2007
Colleges and universities have done little over the last three years to improve information security. Hindered by lack of staff resources and funding, security efforts remain largely unchanged, while incidents of breaches--including the theft of personal information from within and without--continue to plague campuses. And, what's more, the integration of physical and IT security is still a reality in only a small minority of schools.For these reasons and more, higher education institutions received, on the whole, a C average in the 2007 CDW-G Higher Education IT Security Report Card, the latest annual study from CDW-G and O'Keeffe & Co., which measures responses from higher education IT professionals to gauge the state of security on college campuses.
Network Infrastructure Security
On the whole, according to the report, IT security is in about the same position it was in last year, although there has been a 10 percent increase in the theft, loss, or exposure of data. Fifty-eight percent reported IT security "incidents," identical to the results from last year's study. But 43 percent reported lost, stolen, or exposed data, up 10 percent. Seventeen percent reported loss or theft of personal information about staff members, up 12 percent from last year; and 16 percent reported loss of theft of personal information about students, up 7 percent from last year.
Yet the vast majority of the IT professionals surveyed (93 percent) said they considered their network infrastructure "very safe," "safe," or "moderately safe." Only 7 percent said their network infrastructures were "not safe" or "fairly vulnerable."
Risks and Barriers to Security
So what do campus IT professionals consider to be the biggest threats to information security? Perhaps unsurprisingly, "sensitive data residing on unprotected or vulnerable computers" ranked No. 1 (with an average risk ranking of 3.68 out of 5). This was followed by (in order):
- Intruders gaining access to high-profile, highly sensitive information or research results (3.59);
- Downloading of unauthorized material (3.48);
- End user sharing of authorized access (3.44);
- Identity theft of a community user (3.32);
- Increased use of laptops or other portable networked devices (3.3);
- Vulnerability of wireless networks (3.16);
- Malicious use of the network to attack other targets (3.1); and
- Weak security credential policies (2.99).
Recommended Reading
- Tufts Grants Rights for Mileage-Increasing Transportation Technology to Electric Truck
Tufts University has optioned rights to a technology that can recharge the batteries of any hybrid electric and electric-powered vehicle while it is driven. The Tufts-developed technology could increase by 20 percent to 70 percent the miles per gallon or total driving range performance of vehicles like the Honda Civic, Ford Escape, and Toyota Prius hybrids and the Tesla Motors and Phoenix Motorcars electric vehicles.
- U Florida and Cyntellect Collaborate to Unlock Mysteries of Cancer Stem Cells
The University of Florida has entered into a research agreement with life sciences company Cyntellect. The university's Interdisciplinary Center for Biotechnology Research will work with the company to focus on a variety of research areas including the purification and analysis of cancer stem cells (CSCs), rare cells believed to be directly involved in propagating cancers.
- George Mason U Receives Grant To Deploy Intergraph Apps for Intelligence Curriculum
George Mason University (GMU) in Fairfax, VA has been awarded a grant from Intergraph to enable students enrolled in GMU's Geospatial Intelligence Graduate Certificate program to use the company's geospatial production and exploitation software as part of their core curriculum.
- Institute for Cyber Security at U Texas, San Antonio Opens Incubator
The University of Texas at San Antonio (UTSA) Institute for Cyber Security (ICS) has launched a new Internet security incubator. The incubator was developed to commercialize promising technologies that address major cyber security and privacy issues. The first companies to enter the incubator are Denim Labs and SafeMashups.
- ISO/IEC Publishes Office Open XML Standard
ISO/IEC has published the Office Open XML (OOXML) file format standard, formally known as ISO/IEC 29500:2008. It describes file formats originally designed by Microsoft for its Office 2007 productivity suite, which are used in presentation, spreadsheet and word processing applications.
- Dynamics NAV 2009 ERP Coming Next Month
Microsoft exec Kirill Tatarinov Wednesday described some new features to expect in the forthcoming Microsoft Dynamics NAV 2009 enterprise resource planning solution. He gave the keynote address at Microsoft's Convergence 2008 event in Copenhagen, Denmark.
