John Cox discusses the recent report by Application Security, mentioned previously on this site.
A database security vendor says colleges and universities need to do more to secure their databases against break-ins.
Application Security, which uses the name AppSec, reviewed data breaches in higher education, drawing from a variety of published sources. The company, based in New York City, specializes in database security and has two main products: DbProtect, an application for database security, risk and compliance; and AppDetectivePro, which automatically discovers all database applications on a company’s network and evaluates their security.
The data in its report, “An Examination of Data Breaches at Higher Education Institutions,” highlights increasing data-loss incidents at colleges and universities. But it doesn’t clearly distinguish between the business market as a whole and the higher education sub-market, and it does little to put the higher education breaches into context.
Cox offers a number of other criticisms of the report. You can read it all on NetworkWorld.
In the meantime, while folks analyze breaches at the uni level, I’ve seen almost nothing on breaches at the k-12 level. School districts compile a tremendous amount of sensitive information on both students and their families, and I would guess that there have been many many breaches but we just don’t know about them. Even scarier: do the districts even know that they’ve been breached?