{"id":25592,"date":"2010-12-01T08:17:08","date_gmt":"2010-12-01T13:17:08","guid":{"rendered":"https:\/\/today.uconn.edu\/?p=25592"},"modified":"2011-08-25T12:55:01","modified_gmt":"2011-08-25T16:55:01","slug":"new-director-leads-data-security-push","status":"publish","type":"post","link":"https:\/\/today.uconn.edu\/2010\/12\/new-director-leads-data-security-push\/","title":{"rendered":"New Director Leads Data Security Push"},"content":{"rendered":"
\"Pufahl7633_lg\"<\/a>
Jason Pufahl, chief information systems security officer. Photo supplied by UITS<\/figcaption><\/figure>\n

In September, Jason Pufahl was named chief information systems security officer for the University of Connecticut.<\/p>\n

His appointment to the newly-created position could not have come at a more appropriate time: in August, a laptop computer was stolen from UConn\u2019s West Hartford campus, exposing the names and Social Security numbers of thousands of applicants to the campus \u2013 a serious security breach. In October, it was discovered that the names and Social Security numbers of 23 former students could be found on the Internet, after a faculty member mistakenly stored the list in a way that was not secure.<\/p>\n

In both instances, the University notified all those who were affected and offered to pay for two years of identity credit monitoring coverage through the Debix Identity Protection Network. But it was clear to Pufahl, Chief Information Officer David Gilbertson, and President Philip Austin that a major information security initiative was needed to ensure that personal data on campus systems is safe and secure.<\/p>\n

\u201cThe incredible growth of electronic data storage in the last 15 years has sometimes outpaced the ability of institutions to ensure its total security,\u201d said Pufahl, who originally came to UITS in 2004 as a security analyst. \u201cThere are too many pockets of data and personal information sitting exposed that have sometimes just been forgotten about or not properly secured.\u201d<\/p>\n

In the case of the security breach discovered in October, the student information had been stored a decade ago. In the August breach, the laptop was apparently in an unlocked cabinet and not encrypted.<\/p>\n

In announcing the data security initiative at UConn in October, Austin wrote: \u201c\u2026 I have concluded that UConn must, in the next several months, embark upon a comprehensive and deliberate effort to address computer security concerns. Our focus will be on identifying our vulnerabilities and ameliorating them, both with respect to previously acquired and stored data and data that will be acquired and stored in the future.\u201d<\/p>\n

The program\u2019s initiatives will focus on the following primary risk areas:<\/p>\n