Assignment:
Security Gaps and Mitigations
Scenario
You are the newly hired chief information officer (CIO) for Premier University, a public university with 30,000 students and approximately 5,000 faculty and staff members.
Premier University experienced a data breach approximately six months ago. During that breach, a laptop owned by the institution was stolen from a staff member's car. The staff member worked in the institution's financial aid office. The laptop was not password protected or encrypted, and data belonging to about 5,000 former students, including Social Security numbers (SSNs), name, and credit card information, was exposed.
Premier University did not have an incident response function at that time, so the university's response to the breach was poor. After the staff member reported the stolen laptop to campus police, it took the institution almost 90 days to determine that personally identifiable data was stored on the device, and then another 30 days to inform affected individuals about the breach of their information.
The breach was reported in local news media, and the institution's press representative could not answer the reporter's questions about how students should protect themselves and their data following the breach. After the news report, many Premier University alumni complained to Premier's president about the institution's poor breach response. As a result, donations from alumni have dropped slightly.
You were hired after the breach to help the institution improve its information security program.
Tasks
The Premier University president has asked you to outline potential gaps and weaknesses that lead to the data breach six months ago, and to identify potential improvements to overcome those gaps and weaknesses.
For this part of the project:
• Research the weaknesses indicated in the scenario and solutions other institutions have implemented to prevent them from occurring in the future.
• Create a professional report for the university president that addresses the following:
o The weaknesses you discovered about the data breach incident (as indicated in the scenario)
o Relevant mitigations for each weakness
• In the report, include any sources you consulted.
Submission Requirements
Format: Microsoft Word (or compatible)
Font: Arial, size 12, double-space
Citation Style: Follow your school's preferred style guide
Length: 3 to 4 pages minimum