Never Safe Enough
Is there cyber-safety?
A school district in Toronto works on security.
For Toronto Catholic District School Board, in Canada, which stores scads of confidential information for some 93,000 students plus staff, there is no moat deep enough to protect its data. “This is information that parents are mandated to provide us,” says John Brighton, senior systems manager for the district. “We have a responsibility to protect it and ensure that it’s not leaked out.”
Following a threat assessment audit to its information system in 2004, the school board opted to beef up protection. In the past, consultants would review system software on an ad hoc basis, but as Web applications grew in complexity, and hackers became more sophisticated, the district needed to implement a process to automate software vulnerability assessments with frequent security checks that would protect it against the latest hacks.
Part of the solution is a pilot system developed by Cenzic Inc. The program was developed to continually spot system vulnerabilities in the 32 different Web-based applications that handle highly sensitive and important data— everything from grades to suspensions to emergency contact numbers. This way the district’s computer sciences department can stay ahead of malicious hackers, malignant viruses, or sloppy code writing. “We do have the protection of the network but hackers are sophisticated,” says Brighton. “[They] could initiate attacks from the inside or the outside. And one occurrence is too many.
”The need for software vulnerability testing never ends, Brighton says, because software is constantly evolving. At $25,000 for a two-seat license, the savings over a one-time audit ranging from $25,000 to $50,000 per application is “astronomical."
Pamela Derringer is a contributing writer for Scholastic Adminstr@tor magazine.