ATHENS, Ohio (July 28, 2006) -- Ohio University Chief Information Officer Bill Sams and Provost Kathy Krendl announced at a press conference today a comprehensive plan to strengthen the overall information technology function at the university.
The 20-point action plan is titled "Blueprint for Building a World-Class IT Function at Ohio University."
The plan moves the university to a new level that allows for a proactive, long-term, comprehensive response to data security breaches reported earlier this year. "This blueprint is designed to do more than just address the security incidents. It's designed to move Ohio University to become a world-class IT organization," Sams said.
Sams said the blueprint will involve all aspects of the university's computer services: technology, business strategy and processes, and organization and governance. The 20 initiatives outlined in the blueprint will be accomplished over the next nine to 12 months.
"This reorganization is moving our IT operation from one that is technology-centric to one that is focused on students, staff and faculty support." He added, "Transparency is a word we're going to be using a lot."
Some highlights from the blueprint include:
- Implementing a perimeter firewall that will filter Internet traffic to protect computers outside of the central cluster from hacker attacks.
- Classifying data by the level of security required.
- Reducing the use of Social Security numbers within the university and encrypting those that are required.
- Reorganizing the central IT organization to establish clear roles and responsibilities, to focus on meeting user needs and to facilitate teamwork.
- Restructuring the IT Leadership Council to expand the involvement of key groups in the approval of projects and the establishment of priorities.
Sams said the total estimated cost of implementing this blueprint is between $5.5 and $8 million. Out of that, he described $1.5 to $4.5 million as one-time costs such as machinery and machine rooms. Ohio University's Board of Trustees recently approved $4 million to support this effort.
Krendl said it is likely that the balance of the funding will come from cost savings from increased efficiency in the IT departments and by restructuring funding in these departments.
The former Computer Network Services is now operating under the working title Unified IT Organization. "This name reflects improved communication between the central IT organization and IT units on other parts of campus," Sams said. "This improved communication will also extend to the rest of the Ohio University community, including faculty, staff and students. It's a cultural message we've got to get out."
As far as alumni reaction to the security breaches as well as the university's response, Krendl pointed out that 2006 has been the third best year ever for donations to the university. "Many institutions have suffered data breaches. We have tried to be open," she said. "For the most part, our alumni are very supportive and understanding."
Sams pointed out that, out of 173,000 individuals whose data were exposed, fewer than 30 have contacted the university with concerns that they have experienced any personal data theft. In addition, he said that other universities are now using Ohio University's Web site on data security as a model for distributing information about personal data protection.
Sams said the university has not made a decision about whether IT staff who have been placed on administrative leave will be terminated or will return to the university. "The decision is still under review and we'll try to make it as quick as possible." He emphasized that the university is concerned with maintaining a fair process in the matter.
The blueprint can be found in its entirety online at www.ohio.edu/outlook/05-06/July/611-056a.cfm.
[ 30 ]
Media Contact: Media Relations Coordinator Jessica Stark, (740) 597-2938, (513) 309-5843 or firstname.lastname@example.org