Several colleges have not been so lucky when it comes to information security. Some of these colleges have been the University of California-Berkeley, Harvard University, and the University of Connecticut. “There are parts of what a university does that are just like anyone else—we have credit cards, we have social-security numbers, we have health records, we have educational records—all of which we have to, by law, lock down in just as firm a fashion as corporations do,” says Jim Waldo, a computer-science professor and the chief technology officer at Harvard. Another point is that colleges relatively have little control over the devices that students and faculty use on campus. Also, an increasing number of U.S. schools are partnering with international campuses and sending their faculty and students overseas to study and teach at these satellite campuses. This international back-and-forth can provide opportunities for foreign infiltration of U.S. university networks, which may, in turn, serve as jumping off points for attacks directed at other U.S. targets. However, there are two schools of thought on computer security at institutions of higher education. One is that universities are lagging behind companies in their security efforts and need to embrace a more locked-down, corporate approach to security. The other holds that companies are, in fact, coming around to the academic institutions’ perspective on security—with employees bringing their own devices to work, and an increasing emphasis on monitoring network activity rather than enforcing security by trying to keep out the outside world. What I thought was really interesting about this article was that I believe that it’s true that college campuses don’t watch what you are doing on the Internet unlike high school.
– Erika Hoover