EDUCAUSE | Contributed by Organizations or Campuses; Articles, Papers, and Reports; and Incident Handling and Response

2008 Data Breach Investigations Report

ckeller — Wed, 16 Jul 2008 11:01:52 -0500

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

Who is behind data breaches?
How do breaches occur?
What commonalities exist?
Where should mitigation efforts be focused?

Data Breaches Hit More Campuses

ckeller — Tue, 12 Feb 2008 11:02:30 -0600

Review of news sources and databases shows an increase in the number of both security incidents and affected institutions in the last year.

How Ready Are IT Managers for a Crisis?

ckeller — Tue, 30 Oct 2007 10:57:21 -0500

The annual Campus Computing Survey focuses on IT security and crisis management, finding gaps in preparation but fewer attacks on networks.

Training Your Staff to Protect SIS Data

ckeller — Fri, 07 Sep 2007 14:32:08 -0500

"No matter how robust your firewall, trained faculty and staff are your first line of defense against system breaches."

2006 Annual Study: Cost of a Data Breach Understanding Financial Impact, Customer Turnover, and Preventative Solutions

ckeller — Tue, 24 Jul 2007 14:57:21 -0500

This study summarizies the actual costs incurred by 31 organizations that lost confidential customer information and had a regulatory requirement to publicly notify affected individuals.

Cambridge University researchers hack chip-and-PIN payment terminals

drupal — Fri, 18 May 2007 11:36:56 -0500

"Researchers at the University of Cambridge in the U.K. have demonstrated how a chip-and-PIN terminal used to authenticate credit and debit card transactions in that country can be compromised to steal sensitive data."

Campus Security Breaches: State Notification Statutes

drupal — Thu, 14 Dec 2006 14:33:19 -0600

This piece addresses the implications of security breach notification laws for colleges and universities. In particular, the applicability of these laws to both public and private institutions, the compliance obligations imposed in the event of a security breach, and whether the obligations vary for in-state versus out-of-state students and employees.

Major breach of UCLA's computer files

drupal — Tue, 12 Dec 2006 13:35:27 -0600

"Personal information on 800,000 students, alumni and others is exposed. Attacks lasted a year, the school says."

Incident Response at UT Austin

drupal — Tue, 23 May 2006 10:13:27 -0500

An interview with VP for IT Dan Updegrove. The recent break-in to an administrative database at the McCombs School of Business at UT Austin (TX), discovered April 21, 2006, may have compromised the personal data of a very large number of individuals. Early reports stated there were about 197,000 records in the database. We caught up with VP for IT Dan Updegrove for an update and some of his impressions after the first two weeks of the institution's incident response.

Defining Incident Management Processes for CSIRTs: A Work in Progress

drupal — Wed, 27 Apr 2005 12:16:33 -0500

This report presents a prototype best practice model for performing incident management processes and functions. It defines the model through five high-level incident management processes: Prepare/Sustain/Improve, Protect Infrastructure, Detect Events, Triage Events, and Respond. Workflow diagrams and descriptions are provided for each of these processes.