University creates new information-security post
(Denver Post, The (KRT)) Nov. 25--In response to recent computer-hacking incidents and security breaches at the University of Colorado, a new information- security post is being created.
Peter Adler, a lawyer and certified information-system security professional, will serve as interim information-technology security officer, starting next week.
The university suffered three hacking incidents between July 21 and Aug. 1, including a security breach that left 29,000 students, 7,000 staff members and some former students vulnerable to identity theft.
"Information technology security is a high priority for us. It's clearly something we need to move very quickly on," CU interim president Hank Brown said. "I've asked our folks to go out and find someone with outstanding expertise right away." For the next four to six months, Adler, president of Adler InfoSec and Privacy LLC, will be charged with reviewing CU's security policy, making recommendations and writing new rules for the university network.
Based in Alexandria, Va., the one-man company has organized networks at 11 Massachusetts agencies, making them compliant with security rules surrounding the Health Insurance Portability and Accountability Act. In addition to doing a similar project for a hospital system in Fort Lauderdale, Fla., Adler has set international network-security standards for California's student-loan processing system.
He also is familiar with CU. In August, the university asked him to investigate a hacking attempt.
Adler beat out 16 other firms that placed a bid for the information-security post, according to public filings. He will be paid $98,568.
"We looked at all the responses, and Adler was very strong in this area based on his past experience working with large entities," said Steven McNally, CU's associate vice president for system operations. "He could come in and deliver an instant benefit to us." McNally said CU is on "the leading edge" in this area.
"I think there are very few universities out there today with chief security officers," he said.
The University of Denver began a full-time network security department after Sept. 11, 2001, said Kenneth Stafford, DU's vice chancellor for technology. The four- member team is led by a director of network security, he said.
Adler said he will first look at what is being done at CU campuses to keep networks secure and then create a project plan.
"We have to embrace information security in organizations and understand that it doesn't mean we're going to shut down research," Adler said. "There's a lot of fear that it will cut down the flow of information. There are good practices that need to be followed." Adler also will help CU in its search for a permanent security officer. He said he would not apply for the job.
Interview with Palisade Systems
Interview with Awareness