In Brief
Universities Get Hacked the Hardest
Decentralized networks, curious students made colleges frequent victims of hacking
By Kathleen Carr
July 01, 2005 — CSO —
According to California's Office of Privacy Protection, 28 percent of that state's security breaches since 2003 have taken place at a college or university. The people we talked to say it's not a surprise. Why? Three reasons.
First, college networks are decentralized; some of their infrastructure is outdated; and there is a lack of training and accountability among students, faculty and staff, says Connie Sadler, director of IT security at Brown University. In addition, students who consider hacking a game and are out to prove their ability view colleges and universities as excellent targets.
Second, hackers start out by trying to get into their own records, and then they move into more sophisticated infrastructures, says Larry Ponemon, adjunct professor of ethics and privacy at Carnegie Mellon University and founder of the Ponemon Institute, a think tank whose mission is to advance privacy management practices in business and government. High school and college students tend to hack institutions with which they already have a relationship.
And third, colleges and universities have done a poor job vetting business partners who handle data in their work, Ponemon says. Colleges in general need to do a better job vetting the technology controls—for example, at a student loan services company or other partner—before entering into a business relationship, Ponemon adds.
Other stories by Kathleen Carr
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
- Make Compliance Regulations an Ally Not an Enemy
- Protecting Sensitive and Confidential Information with Endpoint Security
- Endpoint Security: Compliance at the Endpoint
- Revolutionizing Endpoint Security with a Single Agent
- Data Protection: Challenges for the Traveling User
- View Gartner Video: Best Practices on Web Application Security
- Unlock the Power of Device ID to Combat Online Fraud and Abuse
- Network Security Services: Outsourcing considerations for maximizing network protection
- IT Service Management: Metrics That Matter
- Optimizing Infrastructure Control
- Effective Security with a Continuous Approach to ISO 27001
- File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Executive Seminar on Application Security
-
January 29, 2009New York, New YorkRegister now »
-
February 25, 2009San Francisco, CaliforniaRegister now »
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
