http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240006411/lessons-in-campus-cybersecurity.html By Kelly Jackson Higgins Dark Reading Aug 28, 2012 The University of Nebraska had just deployed a new security information event management (SIEM) system when an undergraduate student there apparently broke into the school's student information system, exposing sensitive information of 654,000 students, alumni, and employees. While the breach was a serious one that is still under investigation, Nebraska was actually better off in the end than most universities that get hacked. An IT staffer detected an error message in one of the university's systems at 10 p.m. on a Wednesday evening in May, and began to escalate the issue, bringing in the security team, which investigated the activity and monitored some suspicious behavior throughout the night. "By that next afternoon, we had figured out what had happened," says Joshua Mauk, information security officer for the University of Nebraska. An insider had accessed the university's PeopleSoft-based database. Mauk says the university used logs from all of its database, applications, network, and security tools -- including the SIEM -- to piece together a picture of the breach within 48 hours of its occurrence. "That [let us] provide enough information to the police for them to execute warrants to confiscate the person of interest's computing equipment that may have been used in the breach," he says. "We used this data and more to conduct a more detailed analysis, with the assistance of an external security firm, to produce a summary and timeline of what we believe the attacker did." [...]Received on Wed Aug 29 2012 - 22:45:58 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 29 2012 - 22:49:35 PDT