Purdue Identity Security Summary
This newsletter has been created by Student Services Technology & Assessment and is intended for the audience of departments supported by SSTA. Its purpose is to inform the audience about University Identity and Security concerns and to summarize the specific Identity and Security related efforts being taken within Student Services. This newsletter will be produced on an as-needed basis until it is no longer deemed useful by SSTA management.
OUR APPROACH TO ADDRESSING IDENTITY SECURITY
Student Services Technology and Assessment (SSTA) is taking a six-phase approach to planning for a more secure environment of identity information. We have entered and are going through the first phases of Discovery and Information Collection, and User Awareness & Education, and are beginning the second phases which are Cost/Benefit Assessment and Items Requiring Immediate Action. (Read the full story . . .)
SIDS WILL BE REMOVED FROM COURSE ROSTERS, PROGRESS REPORTS, AND GRADE REPORTS
Beginning in August, 2005, course rosters and progress reports acquired through SIS on the Web will not contain Student IDs. Also planned for this fall is removing SIDs from grade reports that are sent to faculty for turning in final semester grades to the Office of the Registrar.
"Deb Sheets, Interim Registrar, said "Purdue University Identifiers (PUIDs) will replace SIDs on the Course Roster and Grade reports, so that instructors and advisors will be able to uniquely identify students and cross-reference them on these reports."
IDENTITY & SECURITY WEBSITE
Student Services Technology and Assessment (SSTA) has developed a new website where you will be able to access security information regarding policies, department contacts, and previous Identity & Security Newsletters. The site can be found at: http://www.purdue.edu/ssta/security/.
NEW VIEW: DECISION SUPPORT SYSTEM
SSN to be considered as restricted data in DSS warehouse and SAS Share data sets. PURDUE PERSON SEARCH (PPS)
Purdue Person Search application can be used for conversion of PUID into SSN.
VIEW FROM THE DESKTOP
Recent Steps Taken:
All Student Services Workstation Technology supported desktops have been converted to the XP environment. This new environment provides increased security in the following forms:
- An Individual Firewall has been implemented on each desktop and laptop. It allows network applications needing specific network access "ports" to perform their tasks while exposing only their own workstation while that application is in use.
- The default save location for most applications is now the "My Documents" folder which is automatically redirected to the individual's home directory (a.k.a., H:).
- All Microsoft XP and Office product "patches" will be applied immediately after testing.
- As before, Anti-Virus scanning is done upon any file access and virus definition file updates are applied daily. The Anti-Virus application will now automatically apply version upgrades as they are released.
- A workstation "10-minute lock-out" was implemented. Even though users can disable or change this lock-out feature, they need to follow their department's local policy for use until a University Policy is implemented. Most departments have audit points on this requirement.
Next Steps Planned:
- A "temp file" cleanup process is being developed and tested for the local drive (C: & Desktop). This process aims to cleanup areas on the desktop local drive that typical users are unaware of their existence. Temp files are used to increase desktop performance and this process will not delete any files that the user has deliberately saved. The process is designed to delete all files from these areas upon each user logoff.
- SSN Scanning Update - There has been nothing official announced as far as tools or procedures. ITaP Security has been testing tools that have returned high false positive rates. Investigation and testing continues within ITSP.
| JULY ISSUE OF |
 |
FEATURES ARTICLES ON COMPUTER SECURITY: |
|
