Sacramento State Bulletin

Security Assessment Protects Privacy
by Larry Gilbert, Information Resources and Technology
vice president and chief information officer

Protection of the privacy of faculty, staff, and student identity information is a critical priority for the campus. We’re all painfully aware that hackers are constantly scanning the Internet for information that is vulnerable to attack. In order to be proactive in protecting the privacy and confidentiality of all identity information on campus, Sacramento State is conducting a comprehensive information security vulnerability assessment. The purpose of this assessment is to identify potential threats to the exposure of such confidential information and to advise the campus on ways that our private information can be better protected.

The Information Resources and Technology division has already worked with departments and colleges campus-wide to complete a comprehensive risk assessment questionnaire. The results of this questionnaire are being analyzed to provide a picture of the strengths and weaknesses of our information security processes. By the end of this semester, IRT will advise the campus of the most serious vulnerabilities found and will provide guidance on how we can all work together to better protect our information from hackers, malware and other threats.

IRT has also contracted with the Center for Information Security (CIAS) to conduct a vulnerability scan of our campus network and servers. This technical scan probes the network to identify potential holes in the security of our computing systems. For example, the scan might identify servers with software that is not patched to the current security level or a server without current anti-virus software. The CIAS will identify such vulnerabilities campus-wide and advise the campus on how best to correct those information vulnerabilities.

The most serious threats to our private information are those that have the potential to compromise critical identity information such as Social Security Numbers (SSN). For that reason, the final phase of the information security review at Sac State entails our Auditing Services unit conducting further scans of randomly selected computers across campus for the presence of SSNs. Data from this final phase will be matched with data from the CIAS vulnerability assessment to see if we have SSNs that may be vulnerable to attack. During this scan for SSNs, no individual files will be accessed. This is strictly a scan to measure the general incidence of identity information on vulnerable systems. This information will be used to advise us on the average level of risk to our identity data across campus and how we can eliminate that risk.

Protecting the confidentiality of private information will take all of us working together to remove risks to information security. You can help by paying attention to information security advice that will be coming your way and by following that advice to protect your data and that of others.

If you have questions or comments about this information vulnerability assessment, please direct them to Larry Gilbert at larry.gilbert@csus.edu.