There apparently weren’t any surprises in a Legislative Division of Post Audit report concerning computer security at Kansas University:

“I was pleased this really didn’t find anything in our environment we weren’t aware of,” said Marilu Goodyear, KU vice provost for information services.

That’s great, but knowing the problems is only the first step. KU officials say they have been working on issues cited in the audit, but what anyone associated with KU wants to know is how secure the university’s computer system is now and how quickly additional corrective measures can be completed.

Much of the Post Audit report was confidential, as it had to be to keep from tipping off would-be hackers. It was noted publicly, however, that the university needed to write down more of its security policies and give its information technology security officer more clout.

As the report noted, the lack of written policies leaves the door open to people skipping or ad-libbing certain security steps. That kind of lax operation is an invitation to oversights, just one of which could leave vulnerable huge amounts of confidential information. And, although Goodyear said she was satisfied with the current reporting structure for the technology security officer, the fact that the Post Audit report raised the issue may indicate that further review is needed to make sure security issues are getting the attention they deserve from top administrators.

It’s a mammoth task to try to handle all the details of a computer system that holds as much confidential information as KU’s does. Routine security steps such as changing passwords and backing up information can easily fall through the cracks if they aren’t properly monitored.

Having been the victim of three high-profile security breaches in the past 27 months, KU officials and students are painfully aware of the vulnerability of their computer system. A university system is likely to be a prime target for many savvy hackers, and many students and faculty members have much to lose if their private information is made public.

Because of the legislative audit, KU officials now have the best information available on how to ensure that the university’s computer system is secure. The next step is for them to find the resources, establish the policies and set up a reporting system that will provide the most secure system possible. Much is at stake, and a lot of students and faculty members are counting on them.