Wendy Nather builds in information security at Texas Education Agency
Sep 1, 2008 12:00 PM, By Randy Southerland
One of the greatest challenges Nather faced was not just protecting data, but making sure that it was still usable for legitimate purposes. For example, researchers often used the TEA's data collection system on public school students to track performance and progress.
“Sometimes they need to have individual student-level data because that's the only way they can track a child across years and schools or between a school and the work force,” Nather says. “We're very concerned about that and we want to make sure that we comply with the Family Education Rights and Privacy Act. That means the data is in compliance with the law and that they protect it as well as we protect it.”
Protecting data required overhauling the technical security infrastructures, but Nather also decided that security needed to become part of the software development lifecycle itself. That meant ensuring that programs have security built in before they are widely deployed.
“That involved a big mindset change,” she explains. “It is great to see the developers taking risk and secure coding practices into consideration.”
In an age of mobile computing, the TEA also rolled out whole disk encryption for employee laptops to ensure that only the owner can access data.
Another potential source of concern for data security was the agency's e-mail. Sometimes sensitive information travels through the system, leaving it open to potential disclosure. To combat that problem, Nather implemented an encryption system that allows staff to send and receive e-mail securely with people outside the agency.
“If we ask an educator to send us his or her Social Security number, we can initiate a secure connection for them to do that and they don't have to understand PGP (Pretty Good Privacy cryptographic and authentication) or buy anything,” she says. “We've been sending more than 250,000 messages that way since it was implemented and we know that when we do have to exchange data, we're doing it more securely.”
While implementing sophisticated technical protections for data, Nather saw the human element as critical to security. Soon after coming on board, she developed an extensive training program for agency employees on how to use their computers securely. The emphasis was on how to be safe at home, ranging from setting up a secure wireless network to guarding against identity theft while online.
“That benefits the agency because a lot of our folks work at home, but it goes beyond that and shows some care and concern for agency staff's life outside of the office,” Jones says. “So she's really put together a nice training program that covers the fundamentals of working in a state agency and it's augmented by a lot of things that people care about and worry about, and she raises their comfort level.”
In addition, Nather's emphasis on building a strong and responsive security program for this state agency is coming to fruition, and that reflects a real change for the public sector.
“This is something new,” she asserts. “It really hasn't been an integral part of the high-level strategic planning, but I think it's getting there now, and that's a good sign.”
© 2012 Penton Media Inc.