CARA VAN METER
Assistant Art Editor
Last week, Pepperdine’s Information Technology department announced the implementation of a new information security program designed to deter identity theft and other forms of electronic crime.
At the beginning of 2005, Pepperdine’s senior director of Data Center Services, Kathee Robings, took on a second role with the newly created title of information security officer. The university’s reason for creating her new role is also behind the recently revealed information security program.
The new program will feature tri-annual password changes and other security measures to prevent identity theft and fraud.
According to Robings, more than 60 percent of the information security breaches reported by organizations in 2005 came out of higher education institutions.
Over the past year, Robings has worked with a special interdepartmental task force to develop a program designed to address these problems.. The advisory task force has a lot of what Robings describes as “high level membership,” including representatives from the president’s office and the legal counsel, as well as a dean from the business school, the director of internal audit and the director of public safety.
“I’ve tried to bring in the areas that would have a high level of concern about the university,” Robings said.
Lauren Waldvogel, director of Insurance and Risk Management said the new program is designed to help the university protect its community “by staying one step ahead” in an atmosphere of rapidly changing technology.
“With IT’s assistance, the new information security program will help the University combat the very real threat of identity theft and other identity crimes we face today,” Waldvogel said in a statement issued by the Public Relations department. Other members of the task force declined to comment.
The focus of the new program, she said, is to crystallize the policies that will ensure the safety of Pepperdiners’ information as well as to increase awareness and provide training for faculty, staff and students on the best possible methods for adopting these new policies.
Though Robings is optimistic about the improvements that will result from the new program, she reveals the challenging nature of bringing the contradictory idea of information protection into the educational environment which is based on the sharing of information.
“It’s a whole culture shift,” Robings said. “We want to continue to promote the sharing of educational information,” she said, “We just have to do it in a way that is safe in today’s environment.”
Senior intercultural communication major Stephanie Husband became the victim of one such episode two years ago when the University of Southern California, to which she had applied before deciding to attend Pepperdine, sent her a letter informing her that the database on which all her personal application information had been stored (including her social security number) had been hacked.
Husband said she was frustrated by the situation and angry that the university had kept her information on file even after she had turned down their offer for enrollment. So far, Husband said she has not seen any signs of identity theft.
“I was a little worried,” Husband said, “but I have been careful to watch my credit report and stuff like that.”
Fortunately, Pepperdine is not among the 67 educational institutions that suffered similar events in 2005. The university has not yet had any major security breaches. Robings said they would like to keep it that way.
“We want to make sure that hackers don’t feel like universities are an easy prey,” she said. “Pepperdine really wants to lead that information security initiative.”
Robings said this desire includes teaching students how to look out for potential security problems. A major part of the information security program is the department’s top 10 list of “Information Security Best Practices.” These best practices include the creation of strong passwords (which contain more than eight characters and a mixture of upper and lower case letters as well as special characters), regular operating system updates and information back-ups.
“We want our students to pick up the best information security habits here,” Robings said, “so that when they go out into the corporate world, they will already have developed those practices for everything they will manage electronically.”
Training for students will begin with online workshops due to appear on WaveNet in October.
Faculty and staff members will also undergo online training regarding the new procedures while department managers will be required to attend an intensive training workshop sometime in October. Although, according to Robings, some members of the Pepperdine community have voiced concerns that the new policies will prove cumbersome, most of the feedback she has received has been positive, especially in light of the looming threat of identity theft, which she describes as a “major ordeal” to overcome.
“When you think about the purpose of it — what’s at stake if somebody guesses your password — you appreciate the value of these information security practices,” Robings said. “It becomes a little easier to swallow.”
Husband said she agreed with Robings and called the new program “a good step.”
“People do need to be aware of the risks of identity theft–it’s out there and it does happen to people,” said Husband, who said a friend of hers had recently been a victim of an identity thief who used her information to make bogus charges on her credit card. Husband added, “The more information you have on how to protect yourself, the better.”
09-21-2006