CrYpTiC MauleR wrote:
Already 2 school breaches on the news this week and my school will soon be added to the ever growing list, is this a trend? I mean how hard is it to protect some data. Allocate all the sensitive data on a select few servers and harden the hell out of them. Do these schools have info scattered around on various servers and sites and don't know what is where? I mean Jesus Christ just this week 477,000 personal records have been possibly breached. Does anyone know of any federal law being made or in discussion to prevent these from being an everyday thing and enforcing policies like California has?
Many universities do not have a central IT organization running every computer on campus as you would in a commercial enterprise. They have a decentralized model where each school, department, or research group runs their computers. In addition, you have many students, faculty, and staff with personally owned laptops that they take care of (or not) themselves. So you have many little fiefdoms running computers, some with more of a clue than others. The clueless ones have untrained students running the computers, and most of them don't know much about security. They're told to setup a computer and put this data on it so the professor can do his research.
Central entities in universities, like the registrar, should know what they are doing if they are setting up ways to remotely access information.
Not responding to emails and/or phone calls to the security/abuse/etc group is irresponsible, if you ask me.
-- Mike Iglesias Email: iglesias@xxxxxxx University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2069 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/