Ohio University aggressively implementing independent computer network system report recommendations
ATHENS, Ohio (June 21, 2006) -- Ohio University officials have reviewed an independent report that was commissioned to assess the university’s computer systems. To ensure the security of the information functions, the university’s administration will begin implementing the independent report’s recommendations immediately.
“As president of Ohio University, I am angry and embarrassed by the computer security system lapses that were undetected before my time as leader of the university,” said Ohio University President Roderick J. McDavis. “Everyone associated with Ohio University deserves the highest level of accountability and best practices standards. While we cannot correct mistakes of the past, I am determined that the university will learn from these oversights and make the appropriate changes. The university’s administration will aggressively implement the independent report’s recommendations, which will ensure that all appropriate measures are taken so that lapses do not occur again.”
The Information Technology Incident Audit Report conducted by Moran Technology Consulting of Naperville, Ill., provides recommendations for improved university network security.
“This report provides the needed road map to take decisive action to improve all facets of Ohio University’s information technology services, such as operations, personnel and budget, both for the short term and long term,” Associate Provost for Information Technology and Chief Information Officer Bill Sams said. “We are already in the process of implementing some of the recommendations and will continue to move forward with the focus on implementing the best practices standards in the industry.”
Below is a list of near-term and long-term actions the university is taking based on the independent report.
- Based on the report’s recommendation, the university has suspended the Director of Communication Network Services (CNS) and the Manager of Internet and Systems pending the completion of a disciplinary investigation. The suspended individuals will be provided an opportunity to respond to the findings of the report prior to a final determination that could include termination. Two consultants have been brought in as interim management support to augment the Central Information Technology Management Team on an immediate basis. A new position of Chief of Staff to the CIO has been created, and a national search will be conducted to fill that position.
- A restructuring of the entire central Information Technology (IT) organization has begun. The result of this restructuring will be the establishment of clear roles, responsibilities and accountabilities. The new organization will ensure that security is properly provided at both central and distributed levels and that all team members are focused on supporting the entire university and its stakeholders. By the end of the month more than 90 percent of the central IT organization will have been involved in some form of restructuring.
- The three individuals who were placed on administrative leave May 5 will return to work based on the report’s findings.
- The university will immediately begin to define the roles and responsibilities of all technology owners across the institution, both centralized and distributed IT, to ensure that the university has a highly secure and well-managed technology environment.
FUTURE ACTIONS TO BE TAKEN
- At the request of McDavis, the Ohio University Board of Trustees will be asked to authorize up to $2 million to invest in securing information technology systems.
- Ohio University will implement real-time and scheduled virus protection on every Windows-based server and conduct an audit of all server accounts to determine if any have been compromised and to verify password enforcement, complexity and length requirements.
- A universitywide information technology strategic planning effort led by Sams and William Decatur, vice president for finance and administration, chief financial officer, and treasurer, will be undertaken to identify the major needs of all university stakeholders, prioritize those needs and establish a well-documented Strategic Technology Plan to guide the university as it moves ahead.
- The university will build an institutionwide security architecture that addresses determined needs of the system.
Background information on steps the university has previously taken to secure its computer systems against intruders and to improve the security of data and IT resources at the university is available at www.ohio.edu/datasecurity.
Moran Technology Consulting is a premier provider of consulting services to education, public sector and commercial industry clients. Some of Moran’s clients include California State University System, Northwestern University, United States Naval Academy and the University of Cincinnati. The company offers a full range of IT management consulting services. For more information on Moran Technology Consultants, visit www.morantechnology.com.
[ 30 ]
Media Contact: Director of Media Relations Jack Jeffery, (740) 597-1793 or email@example.com, or Media Relations Coordinator Jessica Stark, (740) 597-2938 or firstname.lastname@example.org