Multilayered Defense Discussion

This is the scenario. An email was sent to you, the student, from the President of UC:

It is with great regret that I tell you that Augusta University has experienced two cybersecurity incidents.

The university has been working closely with external cybersecurity professionals to define the scope of the first incident. On July 31, 2018, investigators determined that email accounts accessed earlier by an unauthorized user may have given them access to the personal and protected health information of approximately 417,000 individuals. The investigation also determined that the incident occurred on Sept. 10-11.

A second phishing attack occurred July 11, 2018, and appears to be smaller in scope. When our IT Security team became aware of the September attack, they acted immediately: disabling the impacted email accounts, requiring password changes and monitoring our systems for additional suspicious activity. Shortly thereafter we engaged external cybersecurity experts to determine the extent of the attack.

While the investigation verified that personal information was contained in compromised email accounts, no misuse of information has been reported at this time.

We are reporting the results of our investigation to all appropriate law enforcement and state and federal regulatory agencies.

Our IT staff also reacted quickly to contain the July 11, 2018, attack. The number of email accounts involved in this attack is fewer than those in the September attack. The investigation into the consequences of that attack is still underway. We have again engaged experts in this area to support our work. I will share the results of that investigation with our community as soon as I am able.

UC uses Microsoft Active Directory, SharePoint, Exchange and Office 365. After reading the notice, what recommendations would you make to provide multilayered defense?