(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson, Benjamin Nikolay

 UWM discovered Malware Infection, May 25, 2011  Affected Server was Immediately Shutdown  Authorities were called in to investigate Image from this Site ("Information on Computer," 2011)

 UWM found Malware had access to SSNs, June 30, 2011  No evidence of Identity Theft was found  No suspects were found View TMJ News Video - ("Information on Computer," 2011)

 UWM notified effected individuals, August 10, 2011  They were asked to monitor their credit reports  UWM updated security on Servers Image from this Site ("Information on Computer," 2011)

Evaluate Analyze Synthesize

AnalyzeSynthesize  UWM Objective Failure  Security was updated in reaction to Breach  Risk Management Training  Re-evaluation of IS roles and responsibilities  Risk Assessment  Regular Business/IT Management Meetings  Cost = $8118 Image from this Site

AnalyzeSynthesize  UWM Objective Failed  Inferred malware access obtained via weak Admin password  Dictionary Attack  Use Radom Password Generator  Setup automated Password Expiration  Password History  ACL Access Limitation  Hardware and Port Lockdown  Cost = $minimal Image from this Site

AnalyzeSynthesize  UWM Objective Passed  UWM has a solid “Admin Access” policy  No Recommendations Needed Image from this Site

AnalyzeSynthesize  UWM Objective Passed  UWM requires use of “Strong” Passwords  Multiple characters types required  No Recommendations Needed Image from this Site

AnalyzeSynthesize  UWM Objective Passed  UWM requires use of “Strong” Passwords  Auditing of Passwords is performed randomly  No Recommendations Needed Image from this Site

AnalyzeSynthesize  UWM Objective Failed  Inferred - Server Admin. Account Compromised  Delay in recognition of illicit activity  Provide users history of prev. activity at login.  Implement Active Directory Audit Tool (AD Audit Plus)  Cost = $7680 annually Image from this Site

AnalyzeSynthesize  UWM Objective Failed  Insufficient audit trail to catch the intruders  Far too much elapsed time before those affected were notified  Verify existing configuration / make changes ( Windows Group Policy / Auditing tools )  Research and assess possible 3 rd party tools  Cost – Variable or minimal, depending on option selected

AnalyzeSynthesize  UWM Objective Passed  Sensitive data classifications do exist  Data was separated and housed on different systems  No Recommendations needed

AnalyzeSynthesize  UWM Objective Passed  Scalability as an enterprise level network  Thousands of user accounts and various types  No Recommendations needed

AnalyzeSynthesize  UWM Objective Failed  Security activity was insufficiently logged  Inability to track/catch the attacker  Checked and escaladed on a regular basis?  Refer to 5.7 recommendations  “Common Sense Security Auditing”  Cost – Variable, depending on route taken

AnalyzeSynthesize  UWM Objective Failed  Attackers were never caught  2 months had elapsed before notifying those affected  Continuously evaluate system/audit security on a regular basis  Evaluate/revise procedures and auditing as necessary  Cost – variable to minimal

AnalyzeSynthesize  UWM Objective Passed  UWM will setup times to perform audits on their network  No Recommendations Needed

AnalyzeSynthesize  UWM Objective Failed  Hacker gained access through open firewall ports  Purchase and install a new firewall  SonicWall NSA E7500  Features Next- Generation Firewall, & Intrusion Prevention.  Cost = $35,339 Image from this Site

AnalyzeSynthesize  UWM Objective Failed  UWM’s spyware failed to deny the outside attacker from gaining access.  Purchase security add- ons to the NSA E7500 firewall.  Included is anti-virus and spyware, and application intelligence on the firewall.  Cost = $14,514 for 3 years.

AnalyzeSynthesize  UWM Objective Irrelevant  There were no transactions or digital signatures needed in this type of security breach.  No Recommendations Needed

AnalyzeSynthesize  UWM Objective Passed  UWM has a excellent records and retention policy to explain how to transfer data.  No Recommendations Needed

AnalyzeSynthesize  UWM Objective Passed  Malware bypassed tamperproof security measures  Security design of infrastructure kept confidential  No Recommendations Needed

AnalyzeSynthesize  UWM Objective Failed  Cryptography Encryption Keys were not used  Unlikely attackers accessed data  Implement asymmetric database encryption  Use DSS encryption technology with private and public keys  Cost - $12,500

AnalyzeSynthesize  UWM Objective Failed  Failed to prevent the malware to install  Physical firewall and configuration remained private  Symantec Endpoint Protection 12.1  SEPM Training for IT department  Policy and Procedure creation and implementation  Cost - $40.89 per device per year $ for training

AnalyzeSynthesize  UWM Objective Passed  No data was transmitted to the WAN  Firewall did not play a role in this incident  No Recommendations Needed

AnalyzeSynthesize  UWM Objective Irrelevant  Integrity of physical mechanisms maintained  Unrelated to physical access or authentication of foreign devices.  No Recommendations Needed

 10 Cobit Objectives Failed  Action Plan’s suggested for all failed objectives  Please visit the Wiki for further details ("Information on Computer," 2011)

EASy as Pie!