A security breach at UC Berkeley in August 2004 exposed personal data of 1.4 million individuals due to a known vulnerability that was not patched. Investigations revealed that universities, often lacking accountability and robust security measures, are frequent targets for hackers, leading to risks not only for themselves but also for others that may suffer from subsequent attacks. The document calls for the establishment of security policies that balance student access with risk management, and identifies the need for clear accountability within educational institutions.

1. Read the Case Study at the end of Chapter 7. Perform the
following and present the results in a 1- to 2-page report:
Hackers broke into a computer at the University of California at
Berkley recently and gained access to 1.4 million names, Social
Security numbers, addresses, and dates of birth that were being
used as part of research project. The FBI, the California
Highway Patrol, and California Department of Social Services
were investigating the incident which happened in August 2004.
Security personnel were performing a routine test of intrusion
detection when they noticed that an unauthorized user was
attempting to gain access to the computer. A database with a
known security flaw was exploited, and a patch was available
that would have prevented the attack. The negligence in
attending to the known security flaw appears to be a common
mistake among institutes of higher learning in the state. Banks,
government agencies, and schools are known to be the top
targets for hackers. Hackers may attack financial institutions in
an effort to profit from the crime, and government agencies to
gain notoriety. Private companies generally have made at least
some effort to ensure that data is secure, but hackers attack
institutes of higher learning often because there are frequent
lapses in security. This presents a problem not only for the
university, but also is a danger to other entities, since denial-of-
service attacks may be generated from the compromised
university computers. One of the problems at universities may
be the lack of accountability or overreaching department that
has authority to oversee all systems, and limit modifications. In
the name of learning, many lesser qualified individuals,
sometimes students, are given authority make modifications to
operating systems and applications. This presents a continuing
problem for administrators and represents a threat to all who
access the Internet.
UC Berkeley Case Study

2. Financial and government organizations store a good deal of
personal information, such as Social Security numbers, birth
dates, and addresses. As a result, they have been attractive
targets for hackers. Because most of these institutions have
improved their access controls, hackers may choose instead to
attack organizations with similarly valuable data but lower
security.
Read the Case Study at the end of Chapter 7. Perform the
following and present the results in a 1- to 2-page report:
·
Define a set of policies and procedures that would allow
educational institutions to limit vulnerabilities while still
allowing students access to academic systems.
·
Determine who should be ultimately accountable for ensuring
that a security policy is in place and is enforced.
·
Identify the person at your school who is responsible for
maintaining the security policy and prepare your
recommendations as a memo to him or her
.