2. (2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson, Benjamin Nikolay

3.  UWM discovered Malware Infection, May 25, 2011  Affected Server was Immediately Shutdown  Authorities were called in to investigate Image from this Site ("Information on Computer," 2011)

4.  UWM found Malware had access to SSNs, June 30, 2011  No evidence of Identity Theft was found  No suspects were found View TMJ News Video - http://www.todaystmj4.com/news/local/127459218.htmlhttp://www.todaystmj4.com/news/local/127459218.html ("Information on Computer," 2011)

5.  UWM notified effected individuals, August 10, 2011  They were asked to monitor their credit reports  UWM updated security on Servers Image from this Site ("Information on Computer," 2011)

7. Evaluate Analyze Synthesize

8. AnalyzeSynthesize  UWM Objective Failure  Security was updated in reaction to Breach  Risk Management Training  Re-evaluation of IS roles and responsibilities  Risk Assessment  Regular Business/IT Management Meetings  Cost = $8118 Image from this Site

10. AnalyzeSynthesize  UWM Objective Failed  Inferred malware access obtained via weak Admin password  Dictionary Attack  Use Radom Password Generator  Setup automated Password Expiration  Password History  ACL Access Limitation  Hardware and Port Lockdown  Cost = $minimal Image from this Site

11. AnalyzeSynthesize  UWM Objective Passed  UWM has a solid “Admin Access” policy  No Recommendations Needed Image from this Site

12. AnalyzeSynthesize  UWM Objective Passed  UWM requires use of “Strong” Passwords  Multiple characters types required  No Recommendations Needed Image from this Site

13. AnalyzeSynthesize  UWM Objective Passed  UWM requires use of “Strong” Passwords  Auditing of Passwords is performed randomly  No Recommendations Needed Image from this Site

14. AnalyzeSynthesize  UWM Objective Failed  Inferred - Server Admin. Account Compromised  Delay in recognition of illicit activity  Provide users history of prev. activity at login.  Implement Active Directory Audit Tool (AD Audit Plus)  Cost = $7680 annually Image from this Site

15. AnalyzeSynthesize  UWM Objective Failed  Insufficient audit trail to catch the intruders  Far too much elapsed time before those affected were notified  Verify existing configuration / make changes ( Windows Group Policy / Auditing tools )  Research and assess possible 3 rd party tools  Cost – Variable or minimal, depending on option selected

16. AnalyzeSynthesize  UWM Objective Passed  Sensitive data classifications do exist  Data was separated and housed on different systems  No Recommendations needed

17. AnalyzeSynthesize  UWM Objective Passed  Scalability as an enterprise level network  Thousands of user accounts and various types  No Recommendations needed

18. AnalyzeSynthesize  UWM Objective Failed  Security activity was insufficiently logged  Inability to track/catch the attacker  Checked and escaladed on a regular basis?  Refer to 5.7 recommendations  “Common Sense Security Auditing”  Cost – Variable, depending on route taken

19. AnalyzeSynthesize  UWM Objective Failed  Attackers were never caught  2 months had elapsed before notifying those affected  Continuously evaluate system/audit security on a regular basis  Evaluate/revise procedures and auditing as necessary  Cost – variable to minimal

20. AnalyzeSynthesize  UWM Objective Passed  UWM will setup times to perform audits on their network  No Recommendations Needed

21. AnalyzeSynthesize  UWM Objective Failed  Hacker gained access through open firewall ports  Purchase and install a new firewall  SonicWall NSA E7500  Features Next- Generation Firewall, & Intrusion Prevention.  Cost = $35,339 Image from this Site

22. AnalyzeSynthesize  UWM Objective Failed  UWM’s spyware failed to deny the outside attacker from gaining access.  Purchase security add- ons to the NSA E7500 firewall.  Included is anti-virus and spyware, and application intelligence on the firewall.  Cost = $14,514 for 3 years.

23. AnalyzeSynthesize  UWM Objective Irrelevant  There were no transactions or digital signatures needed in this type of security breach.  No Recommendations Needed

24. AnalyzeSynthesize  UWM Objective Passed  UWM has a excellent records and retention policy to explain how to transfer data.  No Recommendations Needed

25. AnalyzeSynthesize  UWM Objective Passed  Malware bypassed tamperproof security measures  Security design of infrastructure kept confidential  No Recommendations Needed

26. AnalyzeSynthesize  UWM Objective Failed  Cryptography Encryption Keys were not used  Unlikely attackers accessed data  Implement asymmetric database encryption  Use DSS encryption technology with private and public keys  Cost - $12,500

27. AnalyzeSynthesize  UWM Objective Failed  Failed to prevent the malware to install  Physical firewall and configuration remained private  Symantec Endpoint Protection 12.1  SEPM Training for IT department  Policy and Procedure creation and implementation  Cost - $40.89 per device per year $3761.57 for training

28. AnalyzeSynthesize  UWM Objective Passed  No data was transmitted to the WAN  Firewall did not play a role in this incident  No Recommendations Needed

29. AnalyzeSynthesize  UWM Objective Irrelevant  Integrity of physical mechanisms maintained  Unrelated to physical access or authentication of foreign devices.  No Recommendations Needed

30.  10 Cobit Objectives Failed  Action Plan’s suggested for all failed objectives  Please visit the Wiki for further details ("Information on Computer," 2011)

32. EASy as Pie!