security in the educational sphere
We've posted before about security considerations in the classroom, and wanted to point readers toward further reading in that area.
There's been a lot of recent publicity around a security breach that let loose personal data on 3,400 employees in the Irving School district in Dallas, TX, resulting in large-scale identity theft. From the Dallas Morning News:
District security director Pat Lamb said a woman charged in the case said the information came from a list of names pulled out of a trash bin.
"We still do not know how our records were compromised," said Lamb, who mentioned that his own name was on the list. "We don't know if somebody was supposed to shred that information, but it ended up in a Dumpster."
The Dallas Morning News has also published a timeline of the breach and surrounding communication, revealing the school district's woefully inadequate response in the immediate aftermath of the breach. This should serve as a reminder that a proper information security strategy in any organization needs to be coordinated on both a technology and procedural level.
For more on this issue, see this article in Security Magazine, featuring NCP's Rene Poot and Marin Montessori School's Zarko Draganic.