Tech-Talk: Gatewood Speaks

Stan Gatewood, Chief Information Security Officer at the University of Georgia, spoke to several groups of administration, faculty, and students on Thursday, Oct. 28 as part of National Cyber-Security Awareness Month. Gatewood, who has worked in cryptography and information security for the United States Air Force, Bell Labs, the National Security Agency and AT&T, spoke on administrative, technical, and legal challenges surrounding information security in today’s world.
Gatewood said the greatest technological threat to students is identity theft. Securing personal student information, such as medical records, financial aid records, or grades, is especially challenging in an academic environment.
“Universities are wide open,” Gatewood said. “Their whole existence is based on sharing information and having their resources available to everyone. Striking a balance between securing information and making it available is our greatest challenge.”
In order to secure electronic information each university has several levels of protection. These protections include network firewalls and authentication servers. With the advent of wireless networking technology, information security officials must use tactics such as wardriving to find and shut down unauthorized networks. Unfortunately, a network is only as secure as its least-secure device. This fact makes educating users on safe computing practices essential.
Students must be aware that in today’s wired world sensitive personal information is tied to them. The University System of Georgia, along with credit card agencies, banks and many other public and private services, currently use individuals’ social security numbers as a means of identifying users. This is due to the fact that each individual’s social security number is unique. Unfortunately, the widespread use of these numbers makes it a prime target for identity theft and serious criminal exploitation. The University System of Georgia recently re-initiated an effort to use another means of identifying students; this program may take several years before affecting students at GC&SU.
According to Gatewood, federal laws are in place to protect student information. FERPA, the Family Educational Rights and Privacy Act, protects the privacy of students’ educational records. In addition, the Health Insurance Portability and Accountability Act (HIPAA) provides for the protection of medical information. Each university’s Chief Information Security Officer (CISO) is responsible for ensuring that these laws are complied with and information is secured. Chad McDonald is CISO for GC&SU.
As National Cyber-Security Month wraps up, users should remember that security is a full-time, year-round job that requires vigilance from all.

Mike Madison contributes as a service to the OIIT.

Posted by Colonnade Archives on Nov 12 2004. Filed under News. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry