BreachExchange mailing list archives
Lessons In Campus Cybersecurity (Univ. of Nebraska)
From: security curmudgeon <jericho () attrition org>
Date: Thu, 30 Aug 2012 02:02:15 -0500 (CDT)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240006411/lessons-in-campus-cybersecurity.html

By Kelly Jackson Higgins
Dark Reading
Aug 28, 2012

The University of Nebraska had just deployed a new security information event management (SIEM) system when an undergraduate student there apparently broke into the school's student information system, exposing sensitive information of 654,000 students, alumni, and employees. While the breach was a serious one that is still under investigation, Nebraska was actually better off in the end than most universities that get hacked.

An IT staffer detected an error message in one of the university's systems at 10 p.m. on a Wednesday evening in May, and began to escalate the issue, bringing in the security team, which investigated the activity and monitored some suspicious behavior throughout the night.

"By that next afternoon, we had figured out what had happened," says Joshua Mauk, information security officer for the University of Nebraska. An insider had accessed the university's PeopleSoft-based database.

Mauk says the university used logs from all of its database, applications, network, and security tools -- including the SIEM -- to piece together a picture of the breach within 48 hours of its occurrence. "That [let us] provide enough information to the police for them to execute warrants to confiscate the person of interest's computing equipment that may have been used in the breach," he says. "We used this data and more to conduct a more detailed analysis, with the assistance of an external security firm, to produce a summary and timeline of what we believe the attacker did."

[...]