Educause Security Discussion mailing list archives
Re: SSN Conversion
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 22 Mar 2006 12:38:42 -0500
Chad McDonald wrote:
Our project manager has some questions regarding SSN conversion.Regarding Student ID Conversion from using the student's SSN as the ID to using a system generated ID: What techniques did you use to facilitate the conversion of the many miscellaneous data stores (spreadsheets, Access databases, etc.) that exist throughout your campus?We are looking strongly at 2 scenarios: Provide a file with SSN and New ID (no other information at all would be in the file) for administrators of ad hoc databases & spreadsheets. This would be accompanied by user education as well. The file would be on CD. CD's would be numbered and signed for with agreement not to duplicate or communicate data in any fashion. Once conversion is complete, CD's would be retrieved. OR Create a secure website for individual SSN / ID lookups.
Control access very carefully to online lookup processes to reduce the risk of unauthorized disclosure via iterative lookups... What is the SSN for ID 1 What is the SSN for ID 2 ... What is the SSN for ID 49999 or What is the ID for SSN 000-00-0001 What is the ID for SSN 000-00-0002 ... What is the ID for SSN 999-99-9999
Do you see major security concerns with either approach, given that we have to accommodate these administrators?
-- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- SSN Conversion Chad McDonald (Mar 22)
- <Possible follow-ups>
- Re: SSN Conversion Aaron Lafferty (Mar 22)
- Re: SSN Conversion Gary Flynn (Mar 22)
- Re: SSN Conversion Buz Dale (Mar 22)
- Re: SSN Conversion Graham Toal (Mar 22)