Security Breach Analyst

Closed - This job posting has been filled and work has been completed.
IT & Networking Other - IT & Networking Posted 3 years ago

Fixed Price

Budget: $125
Delivery by January 27, 2013

Start Date

January 27, 2013


Please read over the comments below and respond to each of them from an Information Security Officer's Perspective.  

This should be completed in 10 hours - 12 hours from now.

Each comment must be at least 1 paragraph having 6-8 sentences in EACH paragraph.

Comment #1

Criminals gained access to a database containing the personal records, including Social Security numbers, grades, transcripts, and other pertinent Personally Identifiable Information (PII), of hundreds of thousands (some 654,000) of University of Nebraska students, alumni and others connected to the school's four different campuses.

In a CISO role, encryption of the files is needed with a strong encryption method, such as Data Encryption Standard or Triple Data Encryption Standard (TDES) (Kellerman Software, 2008). Encryption methods reduce the likelihood of unapproved information leaks as well as the illegal information detection changes (National Institute of Standards and Technology, 2009).


National Institute of Standards and Technology (2009). Recommended Security Controls for Federal Information Systems and Organization (NIST-SP-800-53-Revision 3). Retrieved from


Comment #2

The ramifications of such a large scale data breach are huge for a university. A university is supposed to develop leaders, professionals, and those who go out into the world to do the jobs that America needs. If they cannot protect the data of the students, then it would make me question what kind of employees they have hired.

What might be the vulnerabilities that were exploited?

There is not enough data in the information to decide on the vulnerabilities, so this is all just a guess.
Here is my list of possibilities:
• SQL injection
• Physical access
• Trojan allowing for back door access; no need to do database downloads, because the Trojan could allow for screen captures

, regulatory and compliance issues associated with the event?
• Privacy Act
• Failure to secure PII – banking /
• Data record keeping / years keeping data (something seems odd about the years of how long they had the data)

CISO would be your recommended course/courses of action?

• Annual internal pen testing
• Redevelopment of database design to include separating sensitive data such as the PII. Multiple databases if needed. Masking / coding SSN numbers using encryption within the database.
• Database should be restricted to the internal network, segmented from the school network (labs, student network), possibly VLAN


Skills: design, engineering, management
