Re: Please bear with me - this is an odd request ...

[Joanna Grama <joanna.grama () VANTAGETCG COM>]

Hi Chad,
EDUCAUSE has a couple of different papers on the incidence of data breaches in higher education that might help with 
background information:

  *   Searching for a Smoking Gun, Chasing a Silver Bullet: Data Breaches in Higher Education, at 
https://library.educause.edu/resources/2017/2/searching-for-a-smoking-gun-chasing-a-silver-bullet-data-breaches-in-higher-education
  *   Just in Time Research: Data Breaches in Higher Education, at 
https://library.educause.edu/resources/2014/5/just-in-time-research-data-breaches-in-higher-education

I hope this is useful to you.

Kind regards,
Joanna


Joanna Grama, JD, CISSP
Senior Consultant
Vantage Technology Consulting Group
Desk: 978-341-0700 x 316

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Steven Alexander
Sent: Monday, November 26, 2018 8:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Please bear with me - this is an odd request ...


Maricopa Community College District had a serious breach a few years ago and some of the costs (remediation, credit 
monitoring) were reported in the news.



https://www.azcentral.com/story/news/local/phoenix/2014/12/17/costs-repair-massive-mcccd-computer-hack-top-million/20539491/
[https://www.gannett-cdn.com/-mm-/355fe8152fd9ff0786244baf17ca705df30cfbb3/c=62-90-846-533/local/-/media/Phoenix/Phoenix/2014/12/01/635530474395365004-Maricopa-County-Community-C.jpg?width=3200&height=1680&fit=crop]<https://www.azcentral.com/story/news/local/phoenix/2014/12/17/costs-repair-massive-mcccd-computer-hack-top-million/20539491/>

Maricopa County colleges computer hack cost tops 
$26M<https://www.azcentral.com/story/news/local/phoenix/2014/12/17/costs-repair-massive-mcccd-computer-hack-top-million/20539491/>
www.azcentral.com<http://www.azcentral.com>
The Maricopa County Community College District continues to deal with fallout from the massive computer-system breach 
last year, and the latest figures show the cost to taxpayers to deal with it ...




Steven Alexander
Director of IT Security
Kern Community College District

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Chad Tracy <ctracy () BATES EDU<mailto:ctracy () BATES EDU>>
Sent: Monday, November 26, 2018 8:50:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Please bear with me - this is an odd request ...

Hope everyone had a much deserved Thanksgiving break.

I am three months into a newly created security position at an institution that never had a dedicated person to fill 
the role. I have been asked to put together a reading for the Board of Trustees regarding a case study or some in depth 
description of a security incident that an institution in higher education had and what the school did to right itself 
and any sort of cost associated with it? The end game is to show the members of the board the importance of this area. 
There may be easier ways to show the importance but I am sure some of you can probably raise their hand to having to 
fulfill a request for the board... :)

Has anyone ever seen such a report or maybe even completed one themselves? Maybe the report covered such things as:

How the institution dealt with possible:
reduced donations after the breach,
reputational damage (I am not sure if this can be measured anymore... are people becoming so desensitized by breaches 
that they just shrug them off nowadays?),
reduced enrollment.

Costs of remediation:
purchasing technology/services to remediate
hiring of staff

Thank you for your time and feel free to reach out offline either through email or phone.

Cheers,

Chad



--
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491