[unisog] Academic Freedom
Martin, James E.
martin at more.net
Fri Oct 18 15:14:04 GMT 2002
My two best friends at our university in terms of security policies and day-to-day enforcement are the auditors and the general counsel's office. If they are convinced, they can quickly change policies and practices.
Sometimes I have to wait for a "learning experience" to make a particular policy issue real; after that, change happens rather rapidly. I've found event tracking to be a major asset in making arguments. Our security team has six years worth of security events in the database, searchable by downstream network, event type and so on. We've built standard weekly reports that flag the top ten problem networks downstream, and provide a summary and status for each event (>2800 last year). Due diligence issues pop out rather quickly.
Once we framed our top-level AUP to raise due diligence issues (ours has a clause on "intentional or negligent interference with normal network use and service") and began having disucssions with counsel on due diligence and best practices, life got better. Business didn't get any slower, but we started seeing progress.
Hope this helps!
James E. Martin
MOREnet Network Security Coordinator
University of Missouri System
voice: 573-884-7200 fax: 573-884-6673
From: Bill Mowery [mailto:bill.mowery at sc.edu]
Sent: Wednesday, October 16, 2002 9:37 AM
To: unisog at sans.org
Subject: RE: [unisog] Academic Freedom
This is all an intellectually stimulating conversation, but from my
experience and perspective reality is:
* Universities are the property and playground of the academics. Staff and
other lower forms of life are to be tolerated.
* If it comes down to your opinion and that of academia, you lose - period
- regardless of the validity of your perspective.
* Things like responsibility, data security, and the common good are fine
ideas on paper - until they inconvenience the academic community in some way.
* Any academic, regardless of education, experience, or background knows
more about what's good for computing technology than you do.
If this sounds a bit cynical, perhaps it is. After objecting to things such as:
* Networks allowed to participate in DOS attacks because we "don't want to
upset dept. X".
* Invasion of privacy in email systems by system admins.
* Objecting to what "could have been" the coverup of athletic recruiting
violations using technology.
* Objecting to putting into production a new enterprise-wide online
instructional system at the beginning of a semester when the vendor was
only able to install it two days ago.
I now find myself out of a senior management position with a drastic salary
cut and no job (here it's called the "Penalty Box" although I'm the only
one to ever have a salary cut while I have Time Out).
The rule is: it doesn't have to make sense, it doesn't have to be ethical
or honest, and it doesn't have to do with the common good. The only thing
that matters is that you don't think about anything that might tarnish the
reputation of the institution and don't dare infringe on rights, real or
perceived, of the academic community.
At 02:55 PM 10/15/2002 -0500, you wrote:
>Ah, a sense of entitlement and being indignant about it. One of the many
>charms of higher-ed....
"No man is justified in doing evil on the ground of expediency."
- Theodore Roosevelt
More information about the unisog