What would make a University less secure than a corporation??
Ostensibly, universities in the interest of academic freedom and promoting learning usually don't have nearly the same draconian measures that corporations have.
More to the point, us poor professional staff don't stand a chance politically against students and faculty. We support whatever they want to use.
I think it's more an issue of control. Ford IS can say Thou Shalt Not turn on SAP advertisement, and people will listen (or go away). At major Universities, what we do with troublemakers is, we hire them.
I think your impression of the corporate work environment is a bit naive, just as most people in the commercial environment have misimpressions about university environments. In universities, the faculty rules - sort of. The administration also has a great deal of power as is usually wielded by the deans. In corporations there are often several levels of management, each with control and responsibility. Just as a university president has little chance of success in ordering something that is viewed by the faculty as a breach of privacy or heavy handed action, the CEO of most companies is similarly constrained. In fact, it would be rare that either would get involved is this level of decision. If Ford IS said "Thou Shalt Not turn on SAP advertisement" and someone in Ford's engineering department had a requirement for SAP advertisement in order to service a major customer, the IS department would fail (and the person responsible for making the decision might be surprised at how fast the human resources department can act).
But back to the point, the anonymous (cypherpunk relevance) "system administrator" (guess they couldn't find anyone willing to make a fool of himself on the record?) who said that Universities would be hurt more was wrong. We just don't have passwords on Win95 machines, or don't care if they're compromised. It's the people at Ford, Dow, and Sprint, which had wasted man-years putting together "policies" and "user profiles" that have proven to be worse than useless, who are pissed off.
In my experience, it is rarely the case that eaither a university or a business is well protected. Comparing one to the other is probably not very useful. One thing is for certain, however. The vast majority of the professors in computer science don't understand anything of substance about information protection. If you tried to tell them about it, chances are they would rebuff you for your attempt. Furthermore, professors of computer science almost never perform systems administration duties for the university computer center. The computer center is almost always run by professional staff not affiliated with the computer science department. -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236