Create a report for an I.T. breach response from a given scenario
Scenario
You are the newly hired chief information officer (CIO) for University, a public university with 30,000 students and approximately 5,000 faculty and staff members.
The University experienced a data breach approximately six months ago. During that breach, a laptop owned by the institution was stolen from a staff member’s car. The staff member worked in the institution’s financial aid office. The laptop was not password protected or encrypted, and data belonging to about 5,000 former students, including Social Security numbers (SSNs), name, and credit card information, was exposed.
University did not have an incident response function at that time, so the university’s response to the breach was poor. After the staff member reported the stolen laptop to campus police, it took the institution almost 90 days to determine that personally identifiable data was stored on the device, and then another 30 days to inform affected individuals about the breach of their information.
The breach was reported in local news media, and the institution’s press representative could not answer the reporter’s questions about how students should protect themselves and their data following the breach. After the news report, many University alumni complained to president about the institution’s poor breach response. As a result, donations from alumni have dropped slightly.
You were hired after the breach to help the institution improve its information security program.
Tasks
The University president has asked you to outline potential gaps and weaknesses that lead to the data breach six months ago, and to identify potential improvements to overcome those gaps and weaknesses.
For this part of the essay:
• Research the weaknesses indicated in the scenario and solutions other institutions have implemented to prevent them from occurring in the future.
• Create a professional report for the university president that addresses the following:
• The weaknesses you discovered about the data breach incident (as indicated in the scenario)
• Relevant mitigations for each weakness
• In the report, include any sources you consulted.