Information Security Risks on a University Campus

Amer A. Al-Rawas; S. Millmore

doi:10.24200/squjs.vol7iss1pp31-43

Submitted

Apr 24, 2017

Published

Jun 1, 2002

Download

PDF

Statistic

Read Counter : 387 Download : 551

Abstract

This paper is concerned with issues relating to security in the provision of information systems (IS) services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

Keywords

Security Information Systems Campus Environment.

References

ANON, 1998, Maximum Security, Second Edition, SAMS Publishing.
ANON, 2000, Computer Fundamentals and Applications (Course Syllabus), Chapter 8, Computer Security and Risks, www.pentaq.co.nz/Columns/ComputerFunctionality.html.
ATTORNEY GENERAL (Australia), 1999, 26th August, Protecting Australia’s Information Infrastructure, News Release law.gov.au/aghome/agnews/1999newsag/601_99.htm.
BORISOV, N., GOLDBERG, I. and WAGNER, D. Undated, Security of the WEP algorithm, University of California at Berkley, www.isaac.cs.berkeley.edu/isaac/wep-faq.html.
BRITISH STANDARDAS INSTITUTE, 1999, Information Security Management, Specification for Information Security Management System, BS7799-2.
BROOK, J. 2000, Computer Reliability Checklist – Revised, www.pentaq.co.nz/Columns /ComputerFunctionality.html.
COX, A., 24th November 2000, Report on Creating a Security Culture in HE and FE Conference, University of Glasgow, litc.sbu.ac.uk/jcalt/conference/confreport.htm.
ELLIOT, R., YOUNG, M.O., COLLINS, V.D., FRAWLEY, D. and EMARES, M.L. 1991, Information Security in Higher Education, Cause - The Association for the Management of Information Technology in Higher Education, Professional Paper Series #5.
FISHER, D. and NOBEL, C., February 9, 2001, Wireless LAN Security Holes Exposed, eWeek News, www.zdnet.com/eweek/stories/general/0,11011, 2684262,00.html.
FRASER, B. (Ed), September 1997, Site Security Handbook, RFC2196, The Internet Engineering Task Force, Network Working Group, www.ietf.org/rfc/rfc2196.txt?number=2196.
GARIGUE, R.J., Undated, Hacking Belief Systems, An Agenda for the Survival of Humanity in Cyber-Society,The Activist Agenda in Cyber-Society superior.carleton.ca/~rgarigue/hack.htm, www.infowar.com/articles/00/cyborg/CYBORG3.htm.
HANSARD (UK Gov), 4 Nov 1998, Official Debate Report, House of Commons Hansard for 4 Nov 1998 (pt 52), The Stationery Office Ltd, Department of the Official Report (Hansard), Volume: 318, Part:232, ISBN: 0106232983, www.parliament.the-stationery-office .co.uk/pa/cm199798/ cmhansrd/vo981104/ debtext/81104-52.htm
HARVARD UNIVERSIY, November 1991, Information Security Handbook, Version 2, www.all.net/books/document/harvard.html.
HASSLER, A.A., 1998, Guaranteed Access to Campus Network Resources: Policies and Issues, Cause/Effect, 21-No. 2:10-14, www.educause.edu/ir/library/html/cem9824.html.
HUNTER, B., 14 April, 2000, Information Security: Raising Awareness,Version 1.0, Government of Canada PKI Secretariat, Chief Information Officer Branch,Treasury Board of Canada Secretariat, www.iwar.org.uk/comsec/resources/canada-ia/infosecawareness.htm
ILLINOIS INSTITUTE OF TECHNOLOGY, Undated, Center for Study of Ethics in the Professions, Code of Ethics Online, Computing and Information Systems, csep.iit.edu/codes/computer.html.
INTERNATIONAL STANDARDS OREGANISATION, Information Technology – Code of Practice for Information Security Management, ISO/IEC 17799, (The ISO version of BS7799).
JOINT INFORMATION SYSTEMS COMMITTEE, 27th February 2001, Developing an Information Security Policy, www.jisc.ac.uk/pub01/security_policy.html.
KARI, H.H., Undated, Latent Sector Faults and Reliability of Disk Arrays, Dissertation in Helsinki University of Technology, Espoo, Finland, www.cs.hut.fi/~hhk/phd/chapter3/phd_3.html.
LEACH, J., Undated, Findings from the first stage of the Study into the Requirements for Authentication, Authorisation and Privacy in Higher Education, Joint Information Systems Committee, www.jtap.ac.uk/reports/htm/jtap-015-1.html
LEYDEN, J., 29th March 2001, War Driving: The Latest Hacker Fad,The Register, www.theregister.co.uk/content/archive/17976.html
QUINN-ANDRY, T. and HALLER, K., 1998, Designing Campus Networks, Cisco Press, Macmillan Technical Publishing.
READ, J. (Editor), et. al., Undated, Working Paper on Secure Internet Issues for the HE Community, Interim Report from JTAP-659, University of Southampton, www.jtap.ac.uk/reports/htm/jtap-032.html.
ROSS, J.B., November 4, 2000, Containing the Wireless LAN Security Risk, SANS Institute, www.sans.org/infosecFAQ/wireless/wireless_LAN.htm.
SAN FRANCISCO STATE UNIVERSITY, Undated, Draft Self-Study for WASC Re-accreditation, Volume I - Implementing the University Strategic Plan, Chapter 14, www.sfsu.edu/~acadplan/wascss14.htm.
STAMEN, E.M., July 1986, Ownership, Privacy, Confidentiality, and Security of Data, Cause/Effect, 9-No. 4: 4-9.
TEXAS (The State of), Donald Gene Burleson (Appellant) vs The State of Texas, State. No. 2-88-301-CR Court of Appeals of Texas, Second District, Fort Worth, 802 S.W.2d 429 rampages.onramp.net/~dgmccown/c-txblsn.htm.
UNIVERSITY OF CALIFORNIA, May 22, 1998, Improving Network and Computer Security at the University of California, Berkley, Report of the ITATF Security Working Group socrates.berkeley.edu:2001/security/itatf_swg_report.html.
UNIVERSITY OF LEICESTER, 27th November 2000, Management Information Systems, Computer Security Policy, Administrative Systems, www.le.ac.uk/mis/html_docs/security.htm.
WHITE HOUSE (The), 2000, Defending America’s Cyberspace, National Plan for Information Systems Protection, An Invitation to a Dialogue, Version 1.

References

ANON, 1998, Maximum Security, Second Edition, SAMS Publishing.

ANON, 2000, Computer Fundamentals and Applications (Course Syllabus), Chapter 8, Computer Security and Risks, www.pentaq.co.nz/Columns/ComputerFunctionality.html.

ATTORNEY GENERAL (Australia), 1999, 26th August, Protecting Australia’s Information Infrastructure, News Release law.gov.au/aghome/agnews/1999newsag/601_99.htm.

BORISOV, N., GOLDBERG, I. and WAGNER, D. Undated, Security of the WEP algorithm, University of California at Berkley, www.isaac.cs.berkeley.edu/isaac/wep-faq.html.

BRITISH STANDARDAS INSTITUTE, 1999, Information Security Management, Specification for Information Security Management System, BS7799-2.

BROOK, J. 2000, Computer Reliability Checklist – Revised, www.pentaq.co.nz/Columns /ComputerFunctionality.html.

COX, A., 24th November 2000, Report on Creating a Security Culture in HE and FE Conference, University of Glasgow, litc.sbu.ac.uk/jcalt/conference/confreport.htm.

ELLIOT, R., YOUNG, M.O., COLLINS, V.D., FRAWLEY, D. and EMARES, M.L. 1991, Information Security in Higher Education, Cause - The Association for the Management of Information Technology in Higher Education, Professional Paper Series #5.

FISHER, D. and NOBEL, C., February 9, 2001, Wireless LAN Security Holes Exposed, eWeek News, www.zdnet.com/eweek/stories/general/0,11011, 2684262,00.html.

FRASER, B. (Ed), September 1997, Site Security Handbook, RFC2196, The Internet Engineering Task Force, Network Working Group, www.ietf.org/rfc/rfc2196.txt?number=2196.

GARIGUE, R.J., Undated, Hacking Belief Systems, An Agenda for the Survival of Humanity in Cyber-Society,The Activist Agenda in Cyber-Society superior.carleton.ca/~rgarigue/hack.htm, www.infowar.com/articles/00/cyborg/CYBORG3.htm.

HANSARD (UK Gov), 4 Nov 1998, Official Debate Report, House of Commons Hansard for 4 Nov 1998 (pt 52), The Stationery Office Ltd, Department of the Official Report (Hansard), Volume: 318, Part:232, ISBN: 0106232983, www.parliament.the-stationery-office .co.uk/pa/cm199798/ cmhansrd/vo981104/ debtext/81104-52.htm

HARVARD UNIVERSIY, November 1991, Information Security Handbook, Version 2, www.all.net/books/document/harvard.html.

HASSLER, A.A., 1998, Guaranteed Access to Campus Network Resources: Policies and Issues, Cause/Effect, 21-No. 2:10-14, www.educause.edu/ir/library/html/cem9824.html.

HUNTER, B., 14 April, 2000, Information Security: Raising Awareness,Version 1.0, Government of Canada PKI Secretariat, Chief Information Officer Branch,Treasury Board of Canada Secretariat, www.iwar.org.uk/comsec/resources/canada-ia/infosecawareness.htm

ILLINOIS INSTITUTE OF TECHNOLOGY, Undated, Center for Study of Ethics in the Professions, Code of Ethics Online, Computing and Information Systems, csep.iit.edu/codes/computer.html.

INTERNATIONAL STANDARDS OREGANISATION, Information Technology – Code of Practice for Information Security Management, ISO/IEC 17799, (The ISO version of BS7799).

JOINT INFORMATION SYSTEMS COMMITTEE, 27th February 2001, Developing an Information Security Policy, www.jisc.ac.uk/pub01/security_policy.html.

KARI, H.H., Undated, Latent Sector Faults and Reliability of Disk Arrays, Dissertation in Helsinki University of Technology, Espoo, Finland, www.cs.hut.fi/~hhk/phd/chapter3/phd_3.html.

LEACH, J., Undated, Findings from the first stage of the Study into the Requirements for Authentication, Authorisation and Privacy in Higher Education, Joint Information Systems Committee, www.jtap.ac.uk/reports/htm/jtap-015-1.html

LEYDEN, J., 29th March 2001, War Driving: The Latest Hacker Fad,The Register, www.theregister.co.uk/content/archive/17976.html

QUINN-ANDRY, T. and HALLER, K., 1998, Designing Campus Networks, Cisco Press, Macmillan Technical Publishing.

READ, J. (Editor), et. al., Undated, Working Paper on Secure Internet Issues for the HE Community, Interim Report from JTAP-659, University of Southampton, www.jtap.ac.uk/reports/htm/jtap-032.html.

ROSS, J.B., November 4, 2000, Containing the Wireless LAN Security Risk, SANS Institute, www.sans.org/infosecFAQ/wireless/wireless_LAN.htm.

SAN FRANCISCO STATE UNIVERSITY, Undated, Draft Self-Study for WASC Re-accreditation, Volume I - Implementing the University Strategic Plan, Chapter 14, www.sfsu.edu/~acadplan/wascss14.htm.

STAMEN, E.M., July 1986, Ownership, Privacy, Confidentiality, and Security of Data, Cause/Effect, 9-No. 4: 4-9.

TEXAS (The State of), Donald Gene Burleson (Appellant) vs The State of Texas, State. No. 2-88-301-CR Court of Appeals of Texas, Second District, Fort Worth, 802 S.W.2d 429 rampages.onramp.net/~dgmccown/c-txblsn.htm.

UNIVERSITY OF CALIFORNIA, May 22, 1998, Improving Network and Computer Security at the University of California, Berkley, Report of the ITATF Security Working Group socrates.berkeley.edu:2001/security/itatf_swg_report.html.

UNIVERSITY OF LEICESTER, 27th November 2000, Management Information Systems, Computer Security Policy, Administrative Systems, www.le.ac.uk/mis/html_docs/security.htm.

WHITE HOUSE (The), 2000, Defending America’s Cyberspace, National Plan for Information Systems Protection, An Invitation to a Dialogue, Version 1.

Information Security Risks on a University Campus

Article Sidebar

Main Article Content

Abstract

Keywords

Article Details

References

References