Virginia Rezmierski
Do Computer Related Security and Abuse Incidents Cost Organizations? You Bet! The Incident Cost Analysis and Modeling Projects I and II.
Apr 25, 2001
Abstract
Colleges and Universities, as open environments for the creation, exchange, and transfer of information, have found themselves particularly vulnerable to abuse, misuse, and outright security attacks. Administrators ask themselves if this is simply the cost of doing business in electronic environments and nothing more to worry about, or if these are real costs that need to be planned for and managed as risks. Dr. Virginia Rezmierski and a staff of research assistants from the University of Michigan's Ford School of Public Policy and the Law School researched and developed a cost analysis model for determine real costs. In a series of two studies, the first funded by the Chief Information Officers of the Committee for Institutional Cooperation (CIC), and the second by the USENIX Association, they gathered, described and analyzed 45 different incidents, presented costs, and described the state of incident handling at participating schools. They identified factors that contributed to costs and those that contributed to the occurrence of incidents. Their methodology and results have been widely disseminated and will be discussed in this seminar.About the Speaker
For the past fifteen, Rezmierski has been Director of the Office of Policy Development and Education at the University of Michigan. With her staff she has served to identify and analyze ethical and legal issues relating to information technology use and develope policies for the University of Michigan. This group is recognized for providing campus-wide educational campaigns on security, ethical, legal, and policy issues--the most widely known of the campaigns is the \"Passwords Are Like Underwear Campaign---\"don\'t share yours with friends, the longer the better\", etc.which has been shared with a large number of other colleges and universities. Rezmierski cochaired the campus-wide security policy committee for the campus and many other committees dealing with issues of pornography access, protection of personal information, use of social security numbers as identifiers, copyright and others. She publishes and speaks nationally on these issues.
After retiring from her administrative duties in June 2000, Dr. Rezmierski was reappointed to continue teaching at the University of Michigan for two of the colleges. She teaches an advanced course in Technology, Emerging Law, and Applied Policy for the Ford School of Public Policy and a graduate course in Ethics and Values for the School of Information. She also currently directs a National Science Foundation grant designed to describe logging and monitoring activities at colleges and universities and determine the point at which such activities may violate the privacy rights of students under the Family Educational Rights and Privacy Act.