clock menu more-arrow no yes

Filed under:

U. adopts data security policy

University has lots of sensitive data at stake

A few weeks ago, computers used by some students at the University of Utah were crippled because they didn't have "patches" on their "back doors."

That's tech talk meaning to say the computers weren't fully protected against hackers.

It's the kind of thing that makes U. officials want to have a policy that helps safeguard the school and its students against ruthless attacks by computer villains and viruses.

"The campus has lots of data that's pretty critical to operations," said Kevin Taylor, director of planning and policy for the Office of Information Technology. "There's a constant barrage of security probes and events that are going on and many of them originate offshore." That simply means the U. is always at risk,especially with some traffic moving from computer to computer

On Monday, the U. Board of Trustees caught up with federal requirements by adopting a policy with guidelines to help its departments assess risk to their computer equipment, software and data. Several U. agencies still need to sign off on the document.

The policy lays out who is responsible for particular types of information and guides them through the recovery process if something does happen to that data.

The U. gets more than 900,000 hits on its Web site every day, that 80 percent of its 28,000 students own computers and that 75 percent use the Internet for homework assignments, or that 60,000 e-mails move through the school's main server daily.

The U. already has its Institutional Security Office, which oversees safety and security of computer-generated information. This new document adds to that role.

"This is a good policy, in that it heightens awareness," said Joe Taylor, executive director of administrative computing services.

It's awareness, he said, that the U., acting as "custodians" of personal data, needs to continue funding and building security measures into its computer systems. Taylor is concerned about protecting data that includes biographical and demographic information. Protection doesn't stop there.

For example, students can make tuition payments online, set up their class schedule, check their grades through the computer and even choose a roommate with a few clicks of a mouse.

Via the U.'s Health Sciences home page, people can find a doctor, learn more about an illness and refill prescriptions, which is happening now at a rate of about 400 per month.

The new policy defines the importance of information technology resources and measures them as "critical," "essential" or "deferrable."

A deferrable designation means the college could get by for awhile without the resource performing correctly or on time. All essential resources must be included in a "disaster" recovery plan.


E-MAIL: sspeckman@desnews.com