Introduction
In this case study (Dhillon, 2007, p. 129), the University of California (UC) at Berkeley was hacked because of an unpatched database that had a known security flaw. The hackers stole the private data of 1.4 million users. The authorities were informed of the incident, which took place in August 2014, so that they could start their investigation. The incident was discovered by UC security staff. The problem did not stop at the stolen data; it could also extend to UC's reputation as an institute of higher education, because the hackers could have used UC systems to launch Denial of Service (DoS) attacks on others. This paper is going to discuss proper security policies and procedures that help universities limit vulnerabilities while allowing
Even though the IT staff are the ones who should be leading this process. Because students are part of the university, if the IT department enforces certain policies but the students do not comply, then those policies are useless. Therefore, the students must be trained and educated about the importance that security plays in their lives and the lives of others. A student must also understand that a university is not just a place to learn but also a whole community of people living and interacting together, just like a neighborhood.
The Frequency of Security Policy Update
It is advisable that a university update its security policy every semester or quarter, depending on the type of term the university uses. That is the normal update period, but sometimes urgent information security news comes from different vendors (hardware, software or firmware), forcing the university to update its security policy suddenly. In other words, the security policy update should follow an acceptable period of time and be adaptable to urgencies in IS.
Conclusion
After discussing the required material pertaining to university security, a person must understand that information security is a science that keeps changing. Therefore, universities need to keep up with the latest information from specialists and experts, not just people in academia (Viega, 2009). They also must train and educate their employees and students in information security. The
As we all know, people are where we see the biggest problems in security breaches and problems on any computer or network system. People need to understand what they are allowed and not allowed to do; this is where policies, procedures, and training come into play.
The first thought that comes to mind when a data breach occurs at a higher education institution is that a student hacked into the university or college network in order to make changes to their information, such as grades. Fortunately, that has not been the case in recent cyber attacks. Hackers see higher education systems as a gold mine because students’ personally identifiable information (PII) is stored in the platforms utilized by the universities. Cyber threats have fluctuated each year at many universities. Harman (2016) stated that there are increased incidents of spear phishing, where hackers send personalized, legitimate e-mails that include harmful links or attachments. A great deal of students’ data is stored within the
This analysis discusses some issues and requirements to correct these issues that are outlined in the Turn Key University (TKU) data breach case study. In addition to these issues and requirements, some applicable laws will be discussed and some controls will be suggested for implementation.
During this course there have been a number of key learning points that would help every organization protect itself from a cyber-event. These include password management, patch management, security policies, encryption, and user training. In each of the cyber security breaches one or more of these standard security protocols were not used.
As such, our company’s people resources pose the greatest risk of a security breach. Our way to help mitigate risk in this area is to keep communication lines open and to continually mandate security knowledge training, with mandatory updates on a regular basis. When the employees are informed of company policy when facing a security matter, they are better equipped to act in the best or right way. In this way knowledge is power – or at least empowerment to act in the best interest of the company’s information security.
This paper will present a report that will assist with determining the controls that must be implemented to ensure that data are secure at Northcentral University. This paper will summarize the security breaches of the Target Store Corporation over the previous year and make recommendations in the form of information technology security best practices to strengthen the University’s infrastructure.
1. Model an attack by a remote user accessing the university network via the Internet. Explore attack vectors and attackers’ goals.
14. How can the practice of information security be described as both an art and a science? How does security
As another security examiner at Aim Higher College, I was given the undertaking to decide the main three dangers that the College faces. Consistently innovation is actualized in numerous associations. This new technology may fix previous vulnerabilities or even create new ones. Hackers may exploit this known vulnerability to gain access to critical data or cause harm in the network.
Forty-three percent of in-house members of organizations were accountable for data loss. Twenty-two percent was intentional data loss; twenty-one percent was accidental, according to Intel Security (http://www.mcafee.com). The forty-three percent is the people factor in information security systems. People are the problem and the solution. In the discussion I will state how people are the weakest link in information security systems through social engineering. First, I will define social engineering. People have been victims of social engineering throughout time. The first case of social engineering, it could be argued, was the “Trojan Horse” in ancient times in the Trojan War circa 800 B.C.E. according to Homer’s Iliad (www.ancient.eu) or Kublai Khan’s invasion of China in 1275 A.D., through to today’s wire fraud emails. This paper will focus on social engineering and remedies for social engineering.
Technology has grown tremendously over the past few decades. Every day, businesses, governments, and everyday people rely on technology for things from banking to communicating with loved ones and business associates. Disrupting this technology can cause major losses, both monetarily and in terms of information. According to Information Security Curriculum Creation: A Case Study, “A survey of undergraduate degree programs in Computer Science, Information Technology, Management Information Science, and others show a lack of emphasis on security issues in their curriculum.” There is a strong need to secure and protect information for many reasons, and as such it is important that an undergraduate curriculum provides a comprehensive approach to teaching information security concepts to its students.
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to ensure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses.
A threat agent is the facilitator of an attack; however, a threat is a constant danger to an asset.