+ All Categories
Home > Documents > ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

Date post: 05-Jan-2016
Category:
Upload: totie
View: 34 times
Download: 1 times
Share this document with a friend
Description:
Image from this Site. ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers. Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson, Benjamin Nikolay. What Occurred. UWM discovered Malware Infection, May 25, 2011 Affected Server was I mmediately Shutdown - PowerPoint PPT Presentation
Popular Tags:
29
(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson, Benjamin Nikolay
Transcript
Page 3: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

UWM found Malware had access to SSNs, June 30, 2011

No evidence of Identity Theft was found No suspects were found

What was Found

View TMJ News Video - http://www.todaystmj4.com/news/local/127459218.html

("Information on Computer," 2011)

Page 5: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

EASy Project - CobiTEvaluate Analyze Synthesize

Page 12: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.7 Security Surveillance

Analyze Synthesize

UWM Objective Failed Insufficient audit trail

to catch the intruders Far too much elapsed

time before those affected were notified

Verify existing configuration / make changes (Windows Group Policy / Auditing tools)

Research and assess possible 3rd party tools

Cost – Variable or minimal, depending on option selected

Page 13: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.8 Data Classification

Analyze Synthesize

UWM Objective Passed Sensitive data

classifications do exist Data was separated

and housed on different systems

No Recommendations needed

Page 14: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.9 Central Identity And Access Rights Management

Analyze Synthesize

UWM Objective Passed Scalability as an

enterprise level network

Thousands of user accounts and various types

No Recommendations needed

Page 15: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.10 Violation and Security Activity Reports

Analyze Synthesize

UWM Objective Failed Security activity was

insufficiently logged Inability to track/catch

the attacker Checked and

escaladed on a regular basis?

Refer to 5.7 recommendations

“Common Sense Security Auditing”

Cost – Variable, depending on route taken

Page 16: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.11 Incident Handling

Analyze Synthesize

UWM Objective Failed Attackers were never

caught 2 months had elapsed

before notifying those affected

Continuously evaluate system/audit security on a regular basis

Evaluate/revise procedures and auditing as necessary

Cost – variable to minimal

Page 17: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.12 Reaccreditation

Analyze Synthesize

UWM Objective Passed UWM will setup times

to perform audits on their network

No Recommendations Needed

Page 19: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.14 Transaction Authorization

Analyze Synthesize

UWM Objective Failed UWM’s spyware failed

to deny the outside attacker from gaining access.

Purchase security add-ons to the NSA E7500 firewall.

Included is anti-virus and spyware, and application intelligence on the firewall.

Cost = $14,514 for 3 years.

Page 20: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.15 Nonrepudiation

Analyze Synthesize

UWM Objective Irrelevant

There were no transactions or digital signatures needed in this type of security breach.

No Recommendations Needed

Page 21: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.16 Trusted Path

Analyze Synthesize

UWM Objective Passed UWM has a excellent

records and retention policy to explain how to transfer data.

No Recommendations Needed

Page 22: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.17 Protection of Security Functions

Analyze Synthesize

UWM Objective Passed Malware bypassed

tamperproof security measures

Security design of infrastructure kept confidential

No Recommendations Needed

Page 23: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.18 Cryptographic Key Management

Analyze Synthesize

UWM Objective Failed Cryptography

Encryption Keys were not used

Unlikely attackers accessed data

Implement asymmetric database encryption

Use DSS encryption technology with private and public keys

Cost - $12,500

Page 24: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.19 Malicious Software Prev., Detect. And Corr.

Analyze Synthesize

UWM Objective Failed Failed to prevent the

malware to install Physical firewall and

configuration remained private

Symantec Endpoint Protection 12.1

SEPM Training for IT department

Policy and Procedure creation and implementation

Cost - $40.89 per device per year $3761.57 for training

Page 25: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.20 Firewall Arch. And Connect. With Public Networks.

Analyze Synthesize

UWM Objective Passed No data was

transmitted to the WAN

Firewall did not play a role in this incident

No Recommendations Needed

Page 26: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

5.21 Protection of Electronic Value

Analyze Synthesize

UWM Objective Irrelevant

Integrity of physical mechanisms maintained

Unrelated to physical access or authentication of foreign devices.

No Recommendations Needed

Page 27: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

End of PresentationEASy as Pie!

Page 28: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

End of PresentationEASy as Pie!

Page 29: ( 2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers

End of PresentationEASy as Pie!


Recommended