The University needs new cyber-security policies.
Information Technology Services has proposed policy solutions, but they haven’t been enacted yet. They should be put into place as soon as possible.
The announcement that one of the University’s databases at the School of Medicine was breached — exposing personal information on 236,000 women — makes the situation urgent.
William Cameron, the assistant vice chancellor for information security, said the ITS proposals would standardize cyber security across campus and could prevent future breaches like the one at the medical school.
The proposals are set to be presented to the Faculty Council on Oct. 9.
Some might not want to implement these policies because of the money required and the complexity of technological issues.
But it is imperative that the council approve these polices and advance them to the next stage of review.
Cameron said that policies take time to implement and that many of the ITS proposals require resources.
That means faculty might have to set aside money in their research funds for security. The sooner they know how much money they have to set aside, the better.
Plus, without good cyber security, the University risks losing the trust of anyone whose information is stored in its systems.
The breach at the medical school even caused concern that the University could lose research funding.
Let’s not go down that road.
But Cameron said the 26.6 million cyber attacks the University defended itself against in 2008 aren’t going away.
Hackers won’t stop hacking, and the security problem won’t be fixed without concerted efforts and resources.
ITS has proposed thorough security policies. The Faculty Council should approve them, and the University should implement them soon.