Week 5 Security Discussion Comments

  1. As several of you observed, there is no way to totally (100%) prevent a computer security breach. There is also no way to guarantee that a bank branch cannot be robbed no matter how much you spend on security. Well-planned security investments and procedures can greatly reduce the probability of a security breach but cannot eliminate the possibility entirely.
  2. In both the Disaster Recovery Discussion and this Security Discussion, taking backups was frequently mentioned. Most backup software provides an option to encrypt the backup files. It is important to take advantage of this option. If you do not encrypt your backups, the only thing preventing a storage provider from accessing the data is their policies and procedures. There is usually no technical barrier.
  3. There is always a trade-off between security and convenience. I would prefer to access ACATSNEW remotely as I do now without driving from Evanston to River Forest each time I need to access that server on the Dominican Network. Dominican spent over a year establishing a secure way to access that server without allowing access to other parts of the network.
  4. Even a minor security incident can be painful to customers. My Discover Card number has been compromised several times. Each time it is necessary to go to many online sites and change the credit card number stored on the site (Illinois Tollway, CTA Ventra, ...). Last time this happened, I opened a separate credit card account to use only on selected sites where automatic renewal is critical such as the hosting company where dombsb.com and millerjw.com are hosted.
  5. The Internet of Things presents new security challenges. Now, even pop machines want internet access so that they can report when they need restocking. It is necessary to make sure that employees at the pop machine company cannot access critical information on your network.
  6. You mentioned the requirement to protect medical information because of the HIPAA law. FERPA is the law that specifies the requirements for protecting student information.