Task Force Seeks Comments About Computer-security Policy

Task Force Seeks Comments
About Computer-Security Policy

To read the draft policy and comment on it, go to www.uky.edu/FAIT/SRA. The task force will accept comments through Monday, Dec. 9.

Lexington, Ky. (Dec. 3, 2002) -- A University of Kentucky Presidential task force is seeking comments from members of the campus community regarding a policy that will act as a guide for determining and implementing procedures affecting computer security and resource allocation at UK. To read the draft policy and comment on it, go to www.uky.edu/FAIT/SRA. The task force will accept comments through Monday, Dec. 9.

"We have a serious and growing security threat, almost all of which originates outside the University," said Bob Tannenbaum, chairman of the Task Force on Computer Security and Resource Allocation, which UK President Lee T. Todd Jr. formed in June.

Tannenbaum said incidents of computer-security breaches are reported each week at the university. Generally, he said, these result in virus- or Trojan-infected computers on campus networks. The compromised computers are discovered attacking other computers, advertising storage space for hijackers, or scanning UK networks for information on networked resources, he said.

"We need to take protective action of various kinds," Tannenbaum said. "The policy, when approved, will serve as a guide for the university's information technology professionals as they respond to these security problems."

Regarding resource allocation issues, Tannenbaum said, "A considerable volume of our Internet bandwidth is being taken up by peer-to-peer file exchange traffic. At times, this has consumed more than half of the bandwidth we have available."

But regulating exchanges such as these is not simple, as the task force members learned while attempting to set forth principles that balance the rights and privacy of individual users with the responsibilities of the university to provide resources in support of its educational, research and service mission. Also at issue are technological, security and legal problems posed by certain uses and misuses of network, storage and computing resources.

The draft policy contains a clearly delineated appeals process to be followed by members of the university community who feel negatively affected by actions taken by the university under the policy and resulting guidelines.