The University of Nebraska's data breach affected over 600,000 students in 2012
Question
The University of Nebraska's data breach affected over 600,000 students in 2012. This was one of the largest data breaches reported for a university campus. Read the following reports about the data breach and then answer the questions below.
https://www.databreachtoday.com/u-nebraska-breach-affects-650000-a-4809
https://nebraska.edu/docs/2012-06-08SecurityIncident.pdf
https://campustechnology.com/Articles/2013/03/21/Higher-Ed-Data-Breaches-at-Near-Record-High-in-2012.aspx
Discuss the ramifications of the event, what might be the vulnerabilities that were exploited, the regulatory and compliance issues associated with the event, and what, if you were the CISO, would be your recommended course/courses of action to ensure this type of incident did not happen in the future. Please remember to cite your sources.
Explanation / Answer
The event took place because of security misconfigurations and incorrect access settings, due to which the data could be accessed on the internet; some files containing sensitive data were open and could be downloaded from the internet because of those misconfigurations.
The vulnerabilities that were exploited were security misconfiguration and not applying access settings properly; of these, security misconfiguration is among the top 10 vulnerabilities listed by OWASP.
Some other vulnerabilities that might have been exploited could be open ports, which were accessed by the hackers and allowed them to access the data.
Regulatory and compliance issues associated: The policies and regulations were not up to the mark or were not followed properly, as the vulnerabilities existed and were not checked or fixed, due to which the hacker was able to access the data. An information security audit of the university should be done, known as ISO 27001, to check that the regulations and policies are implemented and that no vulnerability exists through which an attack can be performed.
If I had been the CISO, I would suggest forming a security team to check for vulnerabilities and their patches at regular intervals, making sure the systems and servers of the university are up to the mark and follow all the security guidelines, and also checking whether the university is being audited for ISO 27001.
Only the sources provided in the question were used to answer it.
This is all for the question.
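The answer above attributes the exposure to incorrect access settings on files that held sensitive data. The following is an added example, not part of the question, the answer or any University of Nebraska material, of the kind of recurring check a security team could run to catch that class of misconfiguration: it walks a directory tree, flags files whose POSIX permissions grant access to "other" or write access to the group, and reports only those that also contain markers of sensitive content. The sample tree, the file contents and the marker strings are constructed for this example and are assumptions, not anything from the reports.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed marker strings used to decide whether a file looks sensitive.
# A real deployment would use a classification tool or an agreed data inventory.
SENSITIVE_MARKERS = ("ssn", "social security", "student id", "password")


def classify_mode(mode):
    """Return a list of permission findings for a POSIX st_mode value."""
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings


def looks_sensitive(path):
    """True if the file's text contains any of the constructed sensitive markers."""
    try:
        text = Path(path).read_text(errors="ignore").lower()
    except OSError:
        return False
    return any(marker in text for marker in SENSITIVE_MARKERS)


def audit_tree(root):
    """Walk root and return {relative_path: findings} for files that are both
    loosely permitted and apparently sensitive. Public, non-sensitive files are
    ignored even when world-readable, since that is their intended state."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            findings = classify_mode(os.stat(full).st_mode)
            if findings and looks_sensitive(full):
                results[os.path.relpath(full, root)] = findings
    return results


def build_sample_tree():
    """Create a constructed sample tree: one misconfigured sensitive export,
    one correctly restricted export, and one intentionally public page."""
    root = tempfile.mkdtemp(prefix="access_audit_")
    exports = os.path.join(root, "exports")
    os.makedirs(exports)

    exposed = os.path.join(exports, "students.csv")
    with open(exposed, "w") as fh:
        fh.write("student id,name,ssn\n0001,Example Student,000-00-0000\n")  # constructed data
    os.chmod(exposed, 0o644)  # world-readable: the misconfiguration to catch

    restricted = os.path.join(exports, "grades.csv")
    with open(restricted, "w") as fh:
        fh.write("student id,grade\n0001,A\n")  # constructed data
    os.chmod(restricted, 0o600)  # owner-only: the intended setting

    www = os.path.join(root, "www")
    os.makedirs(www)
    public = os.path.join(www, "index.html")
    with open(public, "w") as fh:
        fh.write("<html>Welcome</html>\n")
    os.chmod(public, 0o644)  # world-readable but not sensitive: no finding

    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel_path, perm_findings in audit_tree(sample_root).items():
        print(f"{rel_path}: {', '.join(perm_findings)}")
```

Run on the constructed tree, only `exports/students.csv` is reported, as world-readable; `grades.csv` is sensitive but correctly restricted, and `index.html` is world-readable by design. Scheduling a check like this against export and upload directories, and treating any new finding as an incident to triage, is one concrete form of the regular vulnerability review the answer recommends.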