It is no surprise that universities are worried about datasecurity, or that they appoint committees to solve theproblem. This paper details Lehigh University’s investigationinto campus-wide security issues, including recommendationsfor specific software packages. It will be of most interest touniversity or school computing managers. An interesting aspect of theproblem is the inhomogeneity of campus computing operatingsystems, including Windows, Macintosh, Linux, and Palm OS, and theemphasis on user education. The universities are especially concerned with thesecurity of portable devices (the kind that get left on the bus),although this problem is not unique to the university computingmodel.

Unfortunately, the authors do not go into detail about user education.One can force administrators and staff to attend a seminar, but theystill make mistakes: for example, administrators at my universityused social security numbers (SSNs) as filenames for identification card portraits, thusleaking SSNs to anyone with access to the campus directory—that is,the whole world. Finally, who teaches security to students not majoringin technical areas?