In an attempt to step up network security, Penn State has started a new initiative that will require all university-owned computers to be scanned for malicious software and security hazards, ITS Director Kevin Morooney said.
The Information Privacy and Security (IPAS) project will be a University-wide initiative to ensure data security at Penn State is up to date, according to ipas.psu.edu.
Morooney said the IPAS project is Penn State's way to ensure valuable information, such as credit card numbers and social security numbers, are protected from identity thieves and malicious software.
"Faculty have access to student information that needs to be protected," he said. "Overall we're trying to improve the security environment at Penn State."
A mandatory initial scan for all university-owned computers was initiated for the 2008 fall semester.
But additional scans have no set timetable, according to the IPAS Web site.
Gerry Santoro, professor of IST at Penn State, said the IPAS initiatives are necessary because the volume of data available on Penn State's network makes a large target for hackers.
"Universities traditionally have been insecure with their data. We tend to be an open environment," he said. "Unfortunately that openness works against us."
Santoro, who has the scanning software installed on his computer, said he does not mind the program running on his computer, though he said others could be skeptical.
"There may be a little worry as to how that could be applied," he said. "One is at some time in the future, the scanning can be increased to scan private things that should be protected by the First Amendment."
Morooney said the scanning software's only purpose on university-owned computers is to ensure that there is no security breach and no data is stolen from Penn State's network. It is not used to monitor daily activity on the machines, he said.
Santoro said the IPAS initiatives may be necessary, but as with anything, proper assessments need to be conducted.
"My worry is that when security controls are put in place without a logical risk assessment and a cost benefit assessment, then you do go about that slippery slope where everyone's privacy is at risk to protect the confidentially ... of that data," he said.
Rob Freiden, professor of telecommunications at Penn State, said there is a thin line between security and privacy.
He said but both need to be handled carefully.
"This whole issue of security is terribly difficult and important and requires a balancing," he said.
