STORIES

Calendar

Achievements

In The News

Briefly Noted

President's Desk

Information Technology

Credits

Archives

Information Technology

Information Security: An Ever-Changing Task

IInformation security is constantly in the news: a new Windows virus that upsets e-mail systems, using Social Security numbers as identifiers, identity theft, spyware sniffing in computers and stealing information, and hackers who enter computer systems and create havoc.

California State University, Chico has made information security a priority, and many staff hours have been spent working to make our systems and computers secure. Creating a more secure computing environment that includes more than 2,300 desktop computers, hundreds in labs, and server and networking equipment occupies more and more time and effort.

Last year Brooke Banks was named information security officer. She has been working with the Electronic Security Team to foster a communications network among technical staff, develop and maintain procedures for responding to security-related events, and analyze vulnerabilities and protections. An Information Security Coordinating Committee has also been formed to address campuswide security policies and procedures required to protect confidential data across the university.

The university will be responding to a new law, SB 25, which prohibits state agencies from publicly posting or displaying an individual's Social Security number or doing anything that might compromise the security of an individual's Social Security number. Staff will analyze alternatives to using these numbers and determine how the law will affect Chico State. As the campus moves its management systems to PeopleSoft, we will be compliant with the law since PeopleSoft does not use Social Security numbers as identifiers.

Our campus information security plan focuses on six immediate goals to improve our electronic security:
• Protecting desktop computers by using LANDesk to remotely provide support and push critical software updates, and using the Microsoft System Update Server to automatically install critical patches (PCs only)
• Protecting servers by implementing server registration and sharing information with server administrators by secure practices
• Protecting the network from outside attack by implementing a border firewall
• Updating or eliminating older computers that are not capable of running current, more secure operating systems
• Protecting student, faculty, and staff data by developing policies and procedures to ensure data is secure
• Improving security through a user-education program

An information security awareness campaign includes weekly information security tips to faculty, staff, and students via e-mail announcement, flyers, ads in The Orion, information to students in residence halls, and information to new students and their parents. A Web site, http://www.csuchico. edu/inf/security, offers campus alerts; information on desktop, network, and server security; policies and procedures; laws; links to outside sites on identity theft and protecting confidential data; and how to report a security breach.

For more information on protecting our electronic information, The Security Seven was developed to provide tips to the campus:
1. Protect computer passwords
2. Protect confidential information
3. Update system patches, security fixes, and antivirus software
4. Use secure and supported applications
5. Don't open suspicious e-mail attachments
6. Back up your data
7. Use a password protected screensaver to "lock" your computer when unattended, and turn it off at night (unless it is backed up at night and must be left on)

Details on each tip are available at
http://ww.csuchico.edu/inf/security/security7

Vicky L. Breeden
Information Resources