CCC Information Security Center

Security News 05.05.16

Security News is a periodic roundup of IT security news important to the California Community Colleges. In this roundup: Reasonable Data Security Defined By California Attorney General >> UC Berkeley Once Again Becomes Victim Of Cyberattack >> Student SSNs Exposed In University Of Central Florida Breach >> A Day In The Life Of Virginia Tech’s CISO.

Reasonable Data Security Defined By California Attorney General

By Jason C. Gavejian, Jackson Lewis P.C., The National Law Review, 01.24.16

Last week, California Attorney General, Kamala D. Harris, issued the California Data Breach Report. The Report provides an analysis of the data breaches reported to the California AG from 2012-2015.

The Report details that nearly 50 million records of Californians have been breached and the majority of these breaches resulted from security failures. In fact, the Report explains that nearly all of the exploited vulnerabilities, which enabled the breaches, were compromised more than a year after the solution to address the vulnerability was publicly available.

According to Ms. Harris, “It is clear that many organizations need to sharpen their security skills, trainings, practices, and procedures to properly protect consumers.”

UC Berkeley Once Again Becomes Victim Of Cyberattack

By Charlie Osborne, ZDNet, 02.29.16

The University of California, Berkeley, has admitted to a second data breach which may have exposed the data of 80,000 people to misuse.

Current and former students, faculty members and vendors linked to the university are among those who have been warned about the incident, which took place through financial management software which contained a security flaw, allowing an attacker—or group—to access internal services.

The attack took place in late-December 2015. The entry point the attacker used was the Berkeley Financial System (BFS), which the university was in the process of patching. According to UC Berkeley, the software is used for purchases and non-salary payments.

Student SSNs Exposed In University Of Central Florida Breach

By Bradley Barth, SC Magazine, 02.04.16

The University of Central Florida today publicly acknowledged a data breach in which the Social Security (SSN) numbers of 63,000 current and former students were illegally accessed.

In a statement posted on the Orlando, Fla.-based university website, UCF President John Hitt reveals that campus officials first discovered the breach in January 2016, immediately reporting the incident to law enforcement and hiring a digital forensics firm to help conduct an internal investigation.

Based on UCF's internal findings, those whose data was affected appear to be student-athletes and UCF teams' student support staff and/or student and faculty employees categorized as OPS, or Other Personal Services. This includes students enrolled in a work-study program, graduate assistants, housing resident assistants, student government leaders, adjunct faculty instructors and select faculty members.

The fact that the breach was limited to these two groups of people suggested that the hackers likely searched for weaknesses in the university's IT architecture and found vulnerable access points in systems specifically related to athletics and OPS employment, opined Clifford Neuman, director of the USC Center for Computer System Security at the University of Southern California. “The question is: Why did they [the SSNs] need to be in those particular systems?” questioned Neuman in an interview with Read More

A Day in the Life of Virginia Tech’s CISO

By SilverBull, 03.10.16

According to Educause’s “2016 Top 10 IT Issues,” Information security is the No. 1 issue facing college and university IT departments. Learn how Virginia Tech’s CISO deals with the constant threats of being hacked.

Having a Chief Information Security Officer (CISO) or the equivalent function in an organization has become a standard in business, government and non-profit sectors. With more than 80 percent of large organizations employing a CISO, we thought it would be interesting to interview CISOs across a wide array of institutions, with varying certifications and backgrounds. Our first CISO featured in our new A Day in the Life of a CISO series is Randy Marchany.

Randy Marchany is Virginia Tech’s Information Technology Security Officer and the Director of the Virginia Tech IT Security Lab. He’s been involved in the computer industry since 1972, before the terms CISO, cyber threat and firewall existed. Randy is a co-author of the FBI/SANS Institute’s “Top 10/20 Internet Security Vulnerabilities” document which has become a standard for most computer security and auditing software.

The news stories are compiled by CCC TechEDge News staff members.