State Education computer system is exposed for attacks

By Howard Fischer/Capitol Media Services
Published/Last Modified on Friday, August 18, 2006 1:23 PM MDT


PHOENIX - The computer system being run by the state Department of Education allows "sensitive information'' to be exposed "due to security weaknesses,'' the state Auditor General's Office has concluded.


The report, being released today, noted that the agency makes many of its applications accessible via the Internet so that schools can report information and access data. Auditor General Debbie Davenport said her staffers found that private information, like teacher names, birth dates and social security numbers "could be viewed by individuals who have no right or need to access it.''

Davenport said there was no evidence that the agency's computer system actually has been compromised. But she said the weaknesses make it possible - and that "hackers'' entering the system through the Internet could obtain technical information that would help them plan additional attacks.

Janice McGoldrick, the agency's chief information officer, said virtually all of the problems the auditor has found already have been addressed. And McGoldrick, who took control of computer services at the agency less than two years ago, said fixes were being made even before auditors showed up.

For example, she said the Department of Education had an "intrusion detection'' system that would notify agency employees any time someone tried to break into the system. But what was needed, she said was "intrusion prevention'' software to keep people from getting at the data in the first place.

But McGoldrick acknowledged that some things remain to be done.

For example, she said the agency needs to have someone whose main job is to manage computer security. And she said that the patches already made need to be constantly checked.

"We have the continuous challenge to try to stay one step ahead of the hackers,'' McGoldrick said.

Copyright © 2012 Douglas Dispatch

Comments

Write a Comment

Comment posters are responsible for the opinions they express and the accuracy of the information they provide. We urge comment writers to treat this as a public forum where manners matter. We encourage a collegial, non-insulting tone. All readers comments must be approved by our staff before posting to the Web site. They review submitted comments periodically during the day for offensive or off-topic content before posting. Be aware, in accordance with the Communications Decency Act and provisions upheld in judicial appeal, that you are responsible for comments posted on this Web site. The Douglas Dispatch is not liable for messages from third parties.

DO NOT POST:
* Potentially libelous statements or damaging innuendo.
* Obscene, explicit, or racist language.
* Personal attacks, insults or threats.
* The use of another person's real name to disguise your identity.
* Comments unrelated to the story.
* Personal Information (phone numbers, addresses, etc.)

Opinions, advice and all other information expressed in douglasdispatch.com's reader comments represent the individual's own views and not necessarily those of the Douglas Dispatch. The Douglas Dispatch does not endorse and is not responsible for statements, advice or opinions offered by anyone other than authorized Douglas Dispatch spokespersons.

Your thoughtful contribution to the online discussion is appreciated.

(optional)
   









Contact Us

Email the Editor
530 11th Street (85607)
P.O. Drawer H
Douglas, AZ 85608
tel: 520.364.3424
fax: 520.364.6750