The Aburdities Of A Swing Set
So I spent a large part of Easter Sunday as well as over 4 hours this morning helping my father build a swing set for my nephew’s upcoming birthday. While I was happy to help, I am still miffed about how long it took us. Sure the temperature did not help (it was in the low to mid 20’s for most of the build) and we didn’t prepare as well as we should have. However, this is not what I am upset over.
The truly aggravating aspect of building the swing set (complete with monkey bars, a fort, a climbing wall, rope ladder and slide) was that nothing was labeled. Thats right, a 19 foot long, 7 foot wide wood structure with hundreds and hundreds of bolts, screws, nuts and washers and not one label to be found. While we (eventually) got through everything, there is no excuse for not having things properly labeled. Apparently the company thought that by providing only the bare essentials (the parts and a few pages of pictures) customers should have no problem getting everything going smoothly.
How absurd! Isn’t it? While I was truly annoyed by the lack of assistance through proper labeling, it stuck me as very similar to information security directives at many colleges and universities. Too often directives are delivered from “on-high” with no clear direction of how to implement or even the purpose behind them. The result is that just like my father and I, many departments are left struggling out in the cold for hours with little to no real progress.
The move away from Social Security numbers at most colleges and universities is a great example. Move away from SSNs to an internal student ID is a great move and one that I strongly support and recommend to any college or university. However, generally the only thing that is communicated to the campus is “No more Social Security numbers”. On the surface this is good, but looking deeper there are serious problems.
One of the first problems is what about situations where Social Security numbers are needed such as with Federal aid or employment? The organization needs to address how the departments should accept, store and transmit SSNs properly given the new edict. Also, the organization needs to make sure that is has addressed all SSN-required functions. After all, failing to address all functions leaves the organization in the dangerous position of having the perception of being SSN free not match reality.
Another, much larger problem is that often the cry of “No More Social Security numbers” is rarely followed by instructions on what to do with legacy data and systems. Yet, failing to address this legacy data is a serious oversight. The data contained in filing cabinets, legacy computer systems and workstation/laptop hard drives will most likely include SSNs since this was the student identification number used on campus. This data doesn’t know about the No SSN policy, so unless it is actually addressed, it will stay where it is waiting for a breach before it becomes known.
Reducing the use Social Security numbers is an excellent move and one I encourage all educational to make. Just make sure that you are actually addressing all instances of Social Security number use on the campus or else a No SSN policy will do little more then trick the institution into a false sense of security.
Leave a comment