Spring Break
Audit urges better online protection
System schools need better confidential information security online, according to UW System findings
Jacob McCormick
Issue date: 4/14/08 Section: News
Over four million students, faculty, staff and alumni records were involved in 190 college and university database breaches around the country over a three-year span, according to a recent internal audit by the UW System.
Because of this, the audit recommends that System schools do more to protect the confidential information stored on their system databases.
System spokesman David Giroux said the audit was conducted by the System itself and is part of routine checks of policies and procedures.
"This was not a security test," Giroux said. "This was internal auditors examining written policies and procedures to make sure we have the right people and staff positions responsible for data security."
The audit recommends that campuses, such as UW-Eau Claire, create an office for an information security officer to protect the increased risk of unauthorized disclosure of confidential data as a result of the increased use of information technology.
Additionally, while every System school has a process for dealing with security incidents, only two institutions have formal, written procedures documenting the process for responding to the problem, according to the report, which recommends the schools work to develop written policies and procedures.
With the increasing and changing nature of threats, according to the audit, UW institutions will need to increase attention to securing their computer networks and confidential data to mitigate threats to UW computer networks and private data.
Giroux said the culprit isn't always trying to find Social Security numbers or access someone's personal information, as it can be people using the network to distribute illegal music or movies.
"(The breaches) take several forms," he said, "but that's why we do internal audits - it's an opportunity to sharpen procedures and check ourselves against the best practices in the industry."
UW-Eau Claire police chief David Sprick said the department doesn't see a lot of identity theft cases stemming from security breaches on campus. He said the majority of problems come from credit card fraud when someone gets involved in an online scheme.
Because of this, the audit recommends that System schools do more to protect the confidential information stored on their system databases.
System spokesman David Giroux said the audit was conducted by the System itself and is part of routine checks of policies and procedures.
"This was not a security test," Giroux said. "This was internal auditors examining written policies and procedures to make sure we have the right people and staff positions responsible for data security."
The audit recommends that campuses, such as UW-Eau Claire, create an office for an information security officer to protect the increased risk of unauthorized disclosure of confidential data as a result of the increased use of information technology.
Additionally, while every System school has a process for dealing with security incidents, only two institutions have formal, written procedures documenting the process for responding to the problem, according to the report, which recommends the schools work to develop written policies and procedures.
With the increasing and changing nature of threats, according to the audit, UW institutions will need to increase attention to securing their computer networks and confidential data to mitigate threats to UW computer networks and private data.
Giroux said the culprit isn't always trying to find Social Security numbers or access someone's personal information, as it can be people using the network to distribute illegal music or movies.
"(The breaches) take several forms," he said, "but that's why we do internal audits - it's an opportunity to sharpen procedures and check ourselves against the best practices in the industry."
UW-Eau Claire police chief David Sprick said the department doesn't see a lot of identity theft cases stemming from security breaches on campus. He said the majority of problems come from credit card fraud when someone gets involved in an online scheme.
Be the first to comment on this story