Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Catch a clue from an EDU: Universities that get security right

Mary K. Pratt | May 10, 2011
In these days of consumer gadgets and mobile access, corporations can learn a lot from how universities deploy multiple layers of security.

Allen acknowledges that Baylor's philosophy is still evolving into an actual practice and has yet to reach its full potential. The practice, which has its roots in risk management, allows the university to identify which data carries a low occurrence/low impact risk and which should be assigned to a higher category of concern. "If it's a low occurrence but has a big impact if something happens, then it's categorized as high risk," he explains.

Baylor isn't the only higher-ed institution that uses data classification to manage risk and security. Tom Davis, the chief security officer at Indiana University, has assigned members of his team to work with high-ranking individuals from each area of the institution who have responsibility for broad swathes of data. Their goal is to determine what standards and restrictions are required for different types of data, Davis says.

Likewise, Georgia State's Clark started focusing on data back in 2008. She says her team took a year working with so-called "data stewards" in each area to study which professionals needed access to what data and how much protection should be assigned to safeguard that data.

For a long time, we were putting out fires, but what would be better is to find the combustible before it even starts to smolder.
Jon Allen, information security officer, Baylor University

"We need to start thinking differently about what other things we can do to protect our data," Allen says. "For a long time, we were putting out fires, but what would be better is to find the combustible before it even starts to smolder."

That's a philosophy that applies not just to data classification but to universities' security efforts in general -- to stay out in front of the ever-changing landscape of threats.

"The people leading the way understand that it's not a single product" that will make their myriad systems secure, says Michael Maloof, CTO at TriGeo Network Security, a Post Falls, Idaho-based security software firm that counts institutions of higher education among its clients. "There's no one thing, no silver bullet. It's a layer of things, and it's an ongoing process."

 

Previous Page  1  2  3  4  5  6 

Sign up for CIO Asia eNewsletters.

The 3-step game plan to secure your journey to the cloud

Equinix to open its 5th IBX data centre in Hong Kong in fourth quarter of 2017

Building a better WAN: Detmold takes a leap of faith

Dell EMC addresses increasing demand for hyper-converged infrastructure in Singapore

Eaton opens office in Singapore

3 in 4 C-suite leaders in Singapore to be negatively affected by talent shortages over next three years

OCBC Bank accelerates revenue growth with chatbot

Dell EMC addresses increasing demand for hyper-converged infrastructure in Singapore

National Day Rally 2017: Singapore focuses on integrating systems to realise Smart Nation

Eaton opens office in Singapore

Malaysian university UTP marks 20th anniversary with new stride into cloud transformation

33 Malaysian websites hacked following SEA Games error: Experts reaffirm security musts for Sysadmins

This is how we'll help 5G transform Malaysia’s communications landscape and smart cities, says new partnership

Malaysia's Mesiniaga enterprise cloud mandated by PCI DSS certification

Digital Malaysia: Penang teacher centre transforms into Digital Maker hub