I debated posting this because we have so many great UH faculty members as members, and I don't want this to turn into a bash-fest on the people who were instrumental in helping us grow this community. That being said, it wouldn't be honest for us not to address the issue. Obviously three major security breaches in a year indicates a very serious problem. I'm sure most of you have read the articles, but for those who haven't:
From the Star Advertiser:
Washington, D.C.-based privacy policy institution.
A faculty member at the West Oahu campus apparently inadvertently uploaded personal information of 40,101 students to the Web. The information belongs to students who attended the West Oahu campus from 1988 to 1993, and Manoa students from 1990 to 1998 and in 2001.
The information was posted by a now-retired Institutional Research Office faculty member at 2:46 p.m. Nov. 30, 2009.
Everything from a student's Social Security number and citizenship to the highest level of education attained by parents, marital status and addresses were available online until Oct. 18, when the Liberty Coalition in Washington, D.C., discovered the information through a Google search.
Full Article
The evidence that we have a problem is incontrovertible. Rather than attacking UH, lets figure out how we can help. I've listed some of my ideas below. If you know something about security, please contribute yours.
There is no such thing as perfect security for any non-trivial system. That being said, we need to raise the bar considerably. The success of UH is critical to our state, and that success is contingent on students feeling that their personal data is secure.
Comment
Alex: You guys seem to be assuming this is a systemic error. I don't think it is.Its happened three times in the past year. How can you say its not systemic?
Alex: Let us not get caught up in the lynch mob of modern media (shallow and fast) and suggest solutions when we don't even know the questions. As long as we do not know more, is it a waste of time and effort to suggest solutions.Why are you assuming my assessment or Aaron's assessment was shallow and fast? What is lynch mob-y about what I wrote in this post? I think it was actually pretty friendly, don't you?
Alex: I think you are assuming that academic resources are being used at the organizational level. This is very seldom true. It is a complete misnomer that there is a "university world" and a "real world".I won't touch the last sentence because it would just be, well, counterproductive, but based on the past breaches that is exactly what is happening. The data is being managed by people outside of UH's IT organization - a professor, the parking office, etc.
Phill Moran: Independence of Audit is very important, as is accountability to the standards that you set for the Audit.I agree. I think the standards should be created by the office of the CIO in cooperation with an advisory board of industry experts. The audit itself should be conducted by an independent party not affiliated with either the university or the expert advisory board.
© 2025 Created by Daniel Leuck.
Powered by
You need to be a member of TechHui to add comments!
Join TechHui