Response needed, needs to seem like a dialogue:
The ramifications of the university database breach, especially one containing so much student information, ban be severe. While the database targeted did not contain credit card information, it did contain names, social security numbers, and personal addresses of numerous students and alumni of the university (Liebowitz, 2012). With this type information, identity theft is a major concern. Hackers with malicious intent can use social security numbers to open financial accounts, file for tax refunds, and obtain medical care (DiGangi, 2015).
A big vulnerability this specific case highlights is consolidating information into one area or database. Having all the information of students and alumni in one place undoubtedly makes operations for the university easier, but also makes it easier to steal a lot of valuable information all in one event. The university was also storing information of applicants who may have never actually registered and attended the school which is also a problem as this information most likely does not need to remain in the system (Liebowitz, 2012).
If I were the CISO of the U of Nebraska, I would make the typical recommendations of strong security in layers involving firewalls and access control. Additionally, I would recommend the database be separated into two different groups of active students and former alumni. People who have applied but never attended courses could be archived for up to a year but then their information would need to be dropped. Also, I would recommend implementing strong encryption of the database and deploying some type of context-aware access control method which could block access based on where authentication is occurring or time of day as well (Kearns, 2015).
DiGangi, C. (2015, January 17). What an ID thief can do with a social security number. Retrieved from http://blog.credit.com/2015/02/5-things-an-identit...
Kearns, D. (2015, February 18). How we can prevent another Anthem breach. Retrieved from http://www.darkreading.com/attacks-breaches/how-we...
Liebowitz, M. (2012, June 4). U of Nebraska data breach affects 650,000. Retrieved from http://www.nbcnews.com/id/47678637/ns/technology_a...
Other samples, services and questions:
When you use PaperHelp, you save one valuable — TIME
You can spend it for more important things than paper writing.