Confidential research and security information can be transmitted by the click of a button or by the exchange of a simple CD. A professor at one of Dartmouth's peer institutions learned this when one of her trusted post-doctorate students tampered with data on her computer and some of her valuable research-related CD's were stolen. To counteract these security risks, the College is currently searching for a candidate to take on the role of chief information security officer.
The role of a CISO is crucial to universities because administrators cannot control the way people search for information online, Ellen Waite-Franzen, Dartmouth's vice president for information technology and chief information officer, said.
"The security officer really needs to have good campus relationships with faculty, students and staff," Waite-Franzen said. "You can't just tell people to do something; you really have to make them understand why it's to their benefit to do these things."
Waite-Franzen is leading the search committee that will select the CISO. Twelve applicants who underwent an extensive interview process have been narrowed down to three finalists for the job, she said.
"We've invited three to campus, and hopefully in the next week, once we decide who we want to have, we will discuss negotiations with that candidate," she said.
Some of the finalists are looking at jobs at other schools, Waite-Franzen said, and the decision to accept the job will come down to whether the candidate wants to live in Hanover.
As part of the selection process, each finalist was asked to make a presentation on the topic of social security numbers and what he or she would do if students' social security numbers were leaked. Margaret Bond, one candidate for CISO, gave her presentation Wednesday in Silsby.
"I was looking for creative ideas, what they would do and how they would approach [Dartmouth] both technically and as a cultural issue," Waite-Franzen said. "Just trying to get a sense of whether they would be able to do something like that because this is probably a real case we need to address."
One component of this position is stressing the value of keeping data secure, according to Waite-Franzen.
"Faculty think, 'I don't really have to worry about my data, it's in my lab, no one would really want it,'" Waite-Franzen said. "Well maybe, but maybe not."
Colleges are particularly vulnerable to breaches in security because of the many ways that information is accessed, Chris Masone, a Ph.D. candidate in Dartmouth's computer science department, said. Earlier this year, faculty members at the University of Wisconsin, Madison experienced a security crisis when their social security numbers -- which the school used as a form of identification for faculty -- were exposed on a public web site.
"Having computers that connect to the internet always carries some risk of people from the outside being able to get in," Masone said. "One way that a lot of corporate environments take to eliminate that risk is homogenize what people can use and manage everything centrally. That doesn't work in a higher-ed environment."
Waite-Franzen has worked to make the selection process as transparent as possible and ensure that the campus community is aware of when candidates' presentations were held, according to Scout Sinclair, a fourth-year Ph.D. student in the computer sciences department.
"Ellen is very actively soliciting input from technical services who will be working with this person when they're hired as well as being proactive about advertising these talks and seeking input on what people want in a candidate," Sinclair said.
There are few candidates who have as much experience in academia as the CISO position requires, Sinclair said, which limited the applicant pool. Bond, for example, has not spent much time working at a university, she said.
"In a corporate environment, it's sort of like, 'This is the mission of the company -- to make money or to save patients' lives -- but a university is much more complex. There are lots of different groups that are trying to do lots of different things," Sinclair said. "It's critical to have someone who can communicate with all those groups effectively as well as be knowledgeable and competent technically."
