Investing in procedures, training, and equipment that can make networks more secure is well worth the expense for higher-education institutions, and not only for the savings to bank accounts—and reputations—that can result from avoiding costly security breaches.
“In a time of increased national security concerns, pressure is mounting for colleges to gain better control of their computer networks—or risk losing federal grant money for research,” Michael A. McRobbie, vice president of information technology for the Indiana University system, recently told an audience at the annual meeting of the higher-ed technology advocacy group EDUCAUSE.
James Webb, chief information officer at West Texas A&M University, agrees. For example, he says, “if your institution deals with credit cards—and almost all of us do—the Payment Card Industry now requires quarterly scans by a PCI-approved scanning vendor. We [also] have Texas Administrative Code 202 at the state level, which requires institutions of higher education to adhere to well-defined information security standards. TAC 202 also requires vulnerability testing to be conducted on an annual basis.”
Recent additions to TAC 202 now require an independent review of an institution’s information security program.
“The penalty for not keeping up with such requirements could include financial penalties or loss of funding,” he says.