Learning Technology Center Performs Risk Assessment of College of Education Computers - July 23, 2007

The LTC Technical and Network Services staff members who conducted the Risk Assessment are, left to right, Chris Yallalee, Felipe Campos, Enoch Lai, David Way, James Cutrone, and Ryan Baldwin. Ryan holds the over 900 interview forms that were compiled during the asssessment.

The Learning Technology Center’s Technical and Network Services (TNS) team recently completed a Risk Assessment of all College of Education networked computing devices to determine how many of them contain sensitive information. There was a special emphasis on locating the highest risk information, such as social security numbers, which is called “Category 1” data here at the University of Texas at Austin. This first annual assessment, conducted by all UT departments, will help the University identify data security risks, so that future security breaches can be reduced and progress of this effort can be documented.

Ryan Baldwin, TNS coordinator, and his team had only three months to complete this massive survey. Although the Internet Security Office (ISO) created a Web-based tool for conducting the assessment and compiled a list of IP addresses of devices to check, Ryan soon realized that the most accurate and comprehensive way to accomplish the task would be to meet with each faculty and staff member in their offices and interview them about the data their computers contained. Ryan and James Cutrone, the LTC’s Network Security Officer, developed an interview flow chart and a form for the task. The flow chart provided a template for a thorough and consistent interview and the form streamlined the gathering of the information. Ryan described these resources at a Technology Deans Committee meeting, and soon departments across campus were asking to use them to complete their own assessments.

The TNS team, including Felipe Campos, Enoch Lai, David Way, and Chris Yallalee, then began the methodical work of interviewing College faculty and staff. Says Ryan, “It was quite a challenge to meet with everyone, especially at this time of year, when many faculty are gone after the semester ends. I also had to get 13 Associate and Assistant Deans, Chairs, and Directors to sign off on the assessment of their areas before Dean Justiz could sign off on the entire report.”

The assessment was a good opportunity for faculty and staff to learn about sensitive data and how to protect it. During a number of interviews, when it was found a computer contained sensitive data, it was also quickly determined that it did not need to be there. Of the 920 computers the TNS team assessed, 750 contained Category 1 data.

Ryan plans to meet with ISO representatives to offer suggestions on how to improve and simplify the assessment process for next year. He, and the rest of the LTC’s technical team, will continue to play an important role in keeping College of Education and University data safe.

—Laurie Caldwell, LTC Communications Coordinator

Related Links:

• UT's Data Classification System
• How to Assess and Secure Sensitive Information
• LTC Technical and Network Services