Presentation is loading. Please wait.

Presentation is loading. Please wait.

Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI.

Published byVincent Young Modified over 8 years ago

Similar presentations

Presentation on theme: "Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI."— Presentation transcript:

1 Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI

2 Overview Present a short case study, still in development, to illustrate the “power” of privacy concerns around biometrics Discuss key questions that may be raised in any campus deployment Lead into an in-depth review of the law 11/18/10Wayne State University2

3 The Situation A large urban campus, 100 buildings 200 custodial staff, unionized Central check-in inefficient, error-prone Desire distributed readers so staff can report directly to their work location Remote check-in easily spoofed with magnetic stripe card readers 11/18/10Wayne State University3

4 Perfect Solution Biometric readers inside all buildings for check-in and check-out of custodial staff Biometric readers well-proven technologies, not easily spoofed Initial up-front cost, but reasonable maintenance costs 11/18/10Wayne State University4

5 So, why are we installing CARD readers? Privacy became a key issue Concern about dealing with privacy led to many other questions: Does the technology solve our problem? Introduce other problems? Worth the cost? Maintenance questions? 11/18/10Wayne State University5

6 Biometrics - Privacy Concerns How secure are the data? Hosted solution, added concerns? Who has access? What data are we gathering? If released, how might it be used? How long do we keep it? What will be done with it? 11/18/10Wayne State University6

7 Security Storage is in highly secure environments SAS 70 security audit Access to data is strictly controlled by password and role All data are transmitted via VPN 11/18/10Wayne State University7

8 What Data? Biometric identifier vs. tracking data Biometric identifier considered was hand geometry Physical images would not be stored Hand geometry technology is encrypted on both ends (storage and reader) and of no use if decrypted otherwise 11/18/10Wayne State University8

9 How Will Data Be Used? Management reports only Reports using biometrics would be no different than if card readers or manual entry of attendance data were deployed 11/18/10Wayne State University9

10 So why are we installing CARD readers? No guarantees (are there ever?) Technology sounds complex, obtuse Don’t trust what you don’t understand Don’t trust technology and administration Deployment plan with biometrics would close some loopholes, but not all Therefore, start with less intrusive process 11/18/10Wayne State University10

11 In Our Case... More Work Card readers are accepted and address the first problem of efficiency – staff go directly to work assignments Biometrics would help eliminate spoofing and problems with lost cards Neither solves absence between check-in and check- out Building access is a related issue 11/18/10Wayne State University11

12 In Your Case Problem analysis is critical. Biometrics are just tools. Processes are critical. Total plan must be solid, ROI analysis solid, need for biometrics solid, particular technology well chosen. Campus culture cannot be ignored. 11/18/10Wayne State University12

13 Closing Choose least intrusive technology Make it simple to understand Transparency is required Consider broad participation in decision process to aid adoption Differentiate between what is required by law and what is required by your culture 11/18/10Wayne State University13

14 Patrick J. Gossman, Ph.D. Deputy Chief Information Officer Wayne State University Detroit, MI 48202 pgossman@wayne.edu (313) 577-2085 11/18/10Wayne State University14

Download ppt "Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI."

Similar presentations

An Institutionally Secure Integrated Data Environment (INSIDE) By University of St Andrews & University of Durham Original Aims –the development of a sustainable.

An Institutionally Secure Integrated Data Environment (INSIDE) By University of St Andrews & University of Durham Original Aims –the development of a sustainable.
First create and sign up for a blue host account Through the help of Blue Host create a WordPress website for the business After you created WordPress.

First create and sign up for a blue host account Through the help of Blue Host create a WordPress website for the business After you created WordPress.
Overview This session is aimed at both PeopleSoft Financials users and Security Administrators. We will discuss plans for the 9.2 upgrade including.

Overview This session is aimed at both PeopleSoft Financials users and Security Administrators. We will discuss plans for the 9.2 upgrade including.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Beach Park Schools Beach Park, Illinois Introduces.

Beach Park Schools Beach Park, Illinois Introduces.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
Www.eu-eela.eu E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.

E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
Business Intelligence Michael Gross Tina Larsell Chad Anderson.

Business Intelligence Michael Gross Tina Larsell Chad Anderson.
Data Warehouse Yong Shi CSE DEPARTMENT. Strategic delivery of information The current Situation The never-ending quest to access any information, anywhere,

Data Warehouse Yong Shi CSE DEPARTMENT. Strategic delivery of information The current Situation The never-ending quest to access any information, anywhere,
MIS 431 Chapter 71 Ch. 7: Advanced File Management System MIS 431 Created Spring 2006.

MIS 431 Chapter 71 Ch. 7: Advanced File Management System MIS 431 Created Spring 2006.
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
1 Mon. December 3, 2001A Secure National ID Card Group 8 Chris Marinak Mike Cuvelier Adam Sowers Saud Bangash.

1 Mon. December 3, 2001A Secure National ID Card Group 8 Chris Marinak Mike Cuvelier Adam Sowers Saud Bangash.
Basics of Access Control A new & exciting world.

Basics of Access Control A new & exciting world.
Amber Vision – June 25, 2010 Presentation to: West Virginia Board of Education Superintendent’s Leadership Institute.

Amber Vision – June 25, 2010 Presentation to: West Virginia Board of Education Superintendent’s Leadership Institute.
Security SIG August 19, 2010 Justin C. Klein Keane

Security SIG August 19, 2010 Justin C. Klein Keane
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Sybase Confidential Propriety.iAnywhere ConfidentialiAnywhere Confidential Proprietary.Sybase Confidential Propriety. Addressing the Challenges of Device.

Sybase Confidential Propriety.iAnywhere ConfidentialiAnywhere Confidential Proprietary.Sybase Confidential Propriety. Addressing the Challenges of Device.

Similar presentations

Ads by Google