slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Gale Fritsche PowerPoint Presentation
Download Presentation
Gale Fritsche

Loading in 2 Seconds...

play fullscreen
1 / 19

Gale Fritsche - PowerPoint PPT Presentation

  • Uploaded on

0. Securing Sensitive Information Across Campus. ACM SIGUCCS Computer Services Management Symposium April 9, 2006. Tim Foley. Gale Fritsche. Lehigh University. Library and Technology Services. Lehigh Overview. 0. Founded in 1865. Private research university located 90 miles west of NYC

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Gale Fritsche' - quang

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript


Securing Sensitive Information Across Campus


Computer Services Management Symposium

April 9, 2006

Tim Foley

Gale Fritsche

Lehigh University

Library and Technology Services


Lehigh Overview


  • Founded in 1865. Private research university located 90 miles west of NYC
  • Ranks 32th out of 248 national universities in US News and World Report’s annual survey
  • Approx 4700 undergraduates, 1200 graduate students, 450 faculty and 1200 staff
  • Approx 90% Windows PCs, 5% Mac and 5% other (Linux etc.)
library technology services organizational structure


Library & Technology ServicesOrganizational Structure

Vice Provost

Library & Technology

Client Services

Administration &


Library Systems &


Enterprise Systems



Distance Education &

Faculty Development

presentation agenda
The Problem

Lehigh’s Committee Structure

Process & Recommendation

Issues and Concerns

Other Data Security Initiatives


Presentation Agenda
why do you need secure information


Why do you need secure information?
  • Stolen Cal Berkeley laptop exposes personal data of nearly 100,000 (AP March 29, 2005)
  • A laptop with personal information of students and applicants was stolen from the Cleveland State University admissions office (WKYC-TV, June 3, 05)
  • Two laptops were stolen from UW Medical Center office with the personal data of about 1,600 patients (Seattle Post-Intelligencer, Jan 24, 2006)
  • 6000 affected at the University of Northern Iowa when laptop computer holding W-2 forms of student employees and faculty was illegally accessed (AP Feb 18, 2006)

23 states with security breach laws

Consumers Union report as of 11/30/05

Reported breaches - 53,533,214 people affected since 2/15/05 see:



Committee Structure

Advisory Council for

Information Services

Data Advisory


Data Standards




Account Opening

Sub Committee


Sub Committee

Data Encryption

Sub Committee

Identity Mgmt

Sub Committee



Committee Charge

Data Encryption

Sub Committee

  • Systems Analysts
  • Security and Policy Officer
  • Computing Consultants
  • Database Manager
  • Enterprise Information Consultant
  • Client Services Team Leaders

Examine current encryption technologies to address the best way to encrypt PCs, Macs, PDAs and other portable devices, and LTS backups to comply with the Lehigh University security plan



Subgroups Formed


  • Basic file access to LTS shares
  • Removable media
  • PDAs (Palms and Pocket PCs)
  • Desktop PC encryption (Windows and Macs)
  • Backups (Windows and Enterprise)
  • Encryption of Unix, and Oracle
  • Encryption of network traffic
  • Microsoft SQL Server security
  • Encryption keys
  • End user training


Process & Recommendations

  • Off campus visits
  • Web research
  • Software testing
    • EFS encryption, Truecrypt, WinMagic
  • Encryption webpage development
  • Data security seminars
  • Various meetings with clients
  • Data security blog for staff
  • Identified University apps needing compliance with FERPA and HIPAA


Final Recommendations

  • Whole disk encryption for PCs
  • Encrypted disk images for Macintosh
  • Folder encryption using Windows EFS encryption
  • Truecrypt for Pocket PCs and removable media
    • software for Treos (Investigating)
  • Password protect Palm devices or Pocket PCs
  • Backup encryption (EFS Encryption and MS Backup)
  • Restricting local logins (XP local security policies) for users with Banner reporting roles
  • Enterprise backups are secure in machine room and transit. Still examining options for enterprise backup
  • Terminal Server for FERPA and HIPAA applications (Police Database, Counseling Services)

Issues and Concerns


  • Cost of software
  • Recovering data on drives using whole disk encryption
  • Management of encryption keys
  • Privileges to download banner/access reports to PCs
  • Other places sensitive data reside on a hard drive
    • The recycle bin, temporary internet files
    • Laptop sleep mode (writes desktop to temporary files)
  • Management of shared encrypted resources


Other Data Security Initiatives

  • Campus firewall
  • Secure wireless implementation
  • Procedures for wiping computer hard drives prior to disposal
  • Campus Police registration database
  • Windows Vista testing (Bit Blocker Encryption)
do you have file encryption requirements at your college or university if so what do you encrypt

Discussion Questions

Do you have file encryption requirements at your College or University ? If so, what do you encrypt?
  • Desktop PCs
  • PDAs
  • Backups
  • All of the Above
have you implemented a identity management system if so what vendor did you use
Have you implemented a Identity Management System? If so, what vendor did you use?
  • IBM
  • Computer Associates
  • Microsoft
  • Novell
  • SUN
  • Other
what type of information do you feel need to be the most secure
What type of Information do you feel need to be the most secure?
  • Employee SSNs
  • Student Medical Info
  • Alumni Donor Info
  • Athlete Recruiting Info
contact information
Contact Information

Tim Foley –

Gale Fritsche –