Proper Security Practices for Universities Essay

Satisfactory Essays


In this case study(Dhillon, 2007, p. 129), University of California(UC) at Berkley was hacked because of an unpatched database which had a known security flaw. The hackers stole 1.4 million users private data. The authorities were informed of the incident that took place in August 2014 so they can start the investigations. The incident was discovered by security staff of UC. The problem did not stop at the stolen data but could also extend to UC reputation as an institute of higher education. Because the hackers could have used UC systems to launch Denial of Service(DOS) attacks on others. This paper is going to discuss proper security policies and procedures that help universities limit vulnerabilities while allowing …show more content…

Even though the IT staff are the ones who should be leading this process. Because students are part of the university. If the IT department forces certain policies but the students do not comply then it is just useless. Therefore, the students must be trained and educated about the importance that security plays in their lives and the lives of others. A student must also understand that a university is not just a place to learn at but also a whole community of people living and interacting together just like a neighborhood.

The Frequency of Security Policy Update

It is advisable that a university updates its security policy every semester or quarter depending on the type of term the university uses. That is the normal update period but sometimes urgent information security news come from different vendors(hardware, software or firmware) forcing the university to suddenly update its security policy. In other words the security policy update should have acceptable period of time and be adaptable to urgencies in IS.


After discussing the required material pertaining to university security, a person must understand that information security is a science that keeps changing. Therefore, universities need to keep up with the latest information from specialists and experts not just people in Academia(Viega, 2009). They also must train and educate their employees and students in information security. The

Get Access