UCLA breach is a warning, but IET resources can help Davis dodge trouble

Reports of the serious computer security breach at UCLA "underscore the tremendous risks of hosting electronic personal identity information on automated systems," says Pete Siegel, vice provost for Information and Educational Technology (IET), in a new letter to members of the Council of Deans and Vice Chancellors.

He suggests they ask individuals in their units to reconfirm their vigilance in protecting IDs, lists various ways IET can help, and describes services the department plans to add in the spring.

Cyber-safety is crucial, a directive reminded the campus in October, and individuals are held responsible for security breaches involving personal information when the breach could have been prevented. The cyber-safety policy the campus adopted in 2005 requires managers and technical staffers to verify that security vulnerabilities in electronic systems are identified and corrected.

Security resources IET has made available for free include:
  • Software tools to locate personal identity records in electronic storage
  • Vulnerability scanning systems
  • A campus-wide anti-virus license for staff and faculty
  • Network firewall implementation assistance
  • Security awareness materials for technical and general employee audiences
  • Security practices guides.
In spring 2007, Siegel continues, IET will implement further security measures:
  • Subsidization of campus unit VLAN firewalls
  • A centralized scanning service to identity vulnerabilities in Web applications in development and production
  • Whole disk encryption software for mobile devices
  • Operating system and anti-virus update servers
  • Technical training through the 2007 IT Security Symposium, to be held June 20-22, 2007.

"If your organization has any questions pertaining to our shared responsibilities or how to take advantage of the campus services," Siegel wrote the council, "please do not hesitate to contact campus IT Security Coordinator Robert Ono at 530-754-6484."

In mid-December, UCLA alerted about 800,000 people that their names and certain personal information were contained in a restricted database that was illegally accessed by a sophisticated computer hacker. The Los Angeles campus has created a Web site with updates.