- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
 |
|||||||
|
|||||||
Organizations planning to partner with Charleston Southern University in South Carolina better get ready for a rigorous vetting process. CIO Rusty Bruns is a stickler when it comes to security.
His biggest fear is that a hacker will find a security hole, break into university databases, and steal personal and financial information for thousands of students and alumni. "You have to make a conscious best effort that that's not going to happen," Bruns says. "I have to say we've done everything we can based on the school's budget and the technology that's out there to protect this information."
Bruns comes by such confidence in part because he audits the CSU network every 12 to 18 months and subjects all prospective partners to a thorough third-party audit. (He has even budgeted for external audits, in case a potential partner cannot afford one.) Among the information he gathers are frequency of password updates, firewall-monitoring procedures, and found vulnerabilities or access holes.
Once he's satisfied that the prospective partner has fixed any major flaws uncovered during the audit, he makes all project team members at that organization sign a security policy. With their signatures, they promise to take a variety of security precautions, such as changing passwords frequently, and they agree not to divulge any shared information. Bruns then checks the partner's references, asking direct questions about how the organization handles security.
Even when Bruns is satisfied that a prospective partner can be trusted, he only extends the CSU network via direct links, using two levels of application-specific passwords and encrypting all transmissions. He could not achieve high enough levels of security if he allowed Web access, Bruns says.
The more the merrier
Vinnie Cottone, vice president of infrastructure services at financial services firm Eaton Vance in Boston, takes a different tack. He is a big proponent of partnering and doesn't want to limit how many companies can access the network. To that end, he's created the Business Partner Network.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leade |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment