The List PA says I did not provide enough information in my last
response to this thread.
Yes Higher ED has real problems, IMHO.
The degree of the problems varies from institution to institution. The
general understanding regarding records is limited to FERPA. Adherence
to FERPA is carved in stone. Of course, interpretation of FERPA varies
as well. The Privacy Act is not a major concern. GLB 1999 was endorsed
by the financial board for higher ed. (NACUBO) several years later. If I
recall they required a spring of '03 compliance. There was no compliance
audit.
CoBiT and COSO along with INTL are could controls. They are not
uniformly implemented throughout the industry. I would also suggest the
most IT folks I know in the University system would argue that CoBiT and
COSO are overkill. Resistance, while futile, is ever present.
The level of expertise is broad. Higher Ed., seems to feel that they are
under funded. Cuts in IT make for maintenance and implementation
shortcuts. As a marketing tool, IT in tries to provide current and
prospective students with a modern picture. Portals, Web marts, Data
warehouses, voice over IP and any new idea that pops up is pursued, and
integrated as quickly as possible.
We have seen in RM the pitfalls of running to fast. In trying to provide
the most modern up to date profile possible gaps have appeared. Points
of access from outside are created every time you put something new in
the mix. The payout for those accessing a system can be huge.
The level of oversight within the industry is probably not adequate to
the task. Outside and internal auditors might or might not be savvy
enough to catch shortfalls. The Accreditation Review Boards look at
academic issues and the institutions enjoy a fairly autonomous existence
within the various states. Keep in mind that most legislators came from
one institution of higher learning or another.
Balancing the needs, rights and protection given to faculty staff and
students is a challenge to IT. Balancing these with the system can
create problems and potential security issues.
Do folks hack the systems. You bet. Are they all reported? Why? Can they
be stopped? It is a felony to hack a university system (as long as they
are adhering to Due Diligence). Ask the FBI what to do.
Chris Flynn
The following snippets from an article this weekend are interesting, but
mostly from the perspective that this is a critical problem at
educational
institutions. Just wondering if this advocacy group promotes an extreme
view
or if there is validity to the statement. Anyone have inside knowledge?
"KNOXVILLE -- The University of Tennessee notified about 1,900 students
and
employees Friday that their names and Social Security numbers were
inadvertently posted on the Internet. . . . . . .
The Identity Theft Resource Center, a nonprofit advocacy organization in
San
Diego, said 110 identity information breaches have been reported to the
center this year.
``It's rather significant that almost 60 percent of that list is
educational
institutions,'' Jay Foley, co-executive director, told The Knoxville
News
Sentinel.
``To look at the college network as an apple, it's worm-ridden,'' he
said."
Thanks,
Mary W. Haider
Records & Information Manager
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|
