10 Apr UC Berkeley Case Study
Financial and government organizations store a good deal of personal information, such as Social Security numbers, birth dates, and addresses. As a result, they have been attractive targets for hackers. Because most of these institutions have improved their access controls, hackers may choose instead to attack organizations with similarly valuable data but lower security.
Read the Case Study at the end of Chapter 5. Perform the following and present the results in a 1- to 2-page group report:
Define a set of policies and procedures that would allow educational institutions to limit vulnerabilities while still allowing students access to academic systems.
Determine who should be ultimately accountable for ensuring that a security policy is in place and is enforced.
Identify the person at your school who is responsible for maintaining the security policy and prepare your recommendations as a memo to him or her.
Identify the individual contributions of each member of the group.
Reference:
Hackers broke into a computer at the University of California at Berkley recently and gained access to 1.4 million names, social security numbers, addresses, and dates of birth that were being used as part of a research project. The FBI, the California Highway Patrol, and California Department of Social Services were investigating the incident. Security personnel were performing a routine test of intrusion detection when they noticed that an unauthorized user was attempting to gain access to the computer. A database with a known security flaw was exploited, and a patch was available that would have prevented the attack. The negligence in attending to the known security flaw appears to be a common mistake among institutes of higher learning in the state. Banks, government agencies, and schools are known to be the top targets for hackers. Hackers may attack financial institutions in an effort to profit from the crime, and government agencies to gain notoriety. Private companies generally have made at least some effort to ensure that data is secure, but hackers attack institutes of higher learning often because there are frequent lapses in security. This not only presents a problem for the university, but also is a danger to other entities, since denial of service attacks may be generated from the compromised university computers. One of the problems at universities may be the lack of accountability or of an overarching department that has authority to oversee all systems, and limit modifications. In the name of learning, many less qualified individuals, sometimes students, are given authority to make modifications to operating systems and applications. This presents a continuing problem for administrators and represents a threat to all who access the Internet.
Source: Based on “Hack at UC Berkeley Potentially Nets 1.4 Million SSNs,” eWeek.com, October 20, 2004. (Dhillon, 2017-11-17, pp. 125-126)
Dhillon, G. (2017-11-17). Information Security: Text and Cases, 2nd Edition [VitalSource Bookshelf version]. Retrieved from vbk://9781943153244
