Post 21, CIS 608

USIS failed to notice months-long hacking of its computer systems:

U.S. Investigations Services (USIS) was hacked for months, but this government agency failed to notice that their computer systems were hacked for months. This hacking compromised the records of at least 25000 DHS employees according to Homeland Security News Wire.  This was a similar type of attack by Chinese government hackers on U.S. firms. The head of SANS Alan Paller said, “The information gathered in the security clearance process is a treasure chest for cyber hackers. If the contractors and the agencies that hire them can’t safeguard their material, the whole system becomes unreliable.”  I think this applies to all types of organization, because information security is everyone’s responsibility. On the other side, employees are the biggest risk of data breach. The principle of least privilege is the most important principle in order to effectively secure information.  This week’s class discussion was a least privilege and its benefits and it applies exactly on this news. If an employee has more access than he/she needs to perform the duties, data breach might occur. Here is the link of this news. Thanks.

Source: http://www.homelandsecuritynewswire.com/dr20141105-security-contractor-usis-failed-to-notice-monthslong-hacking-of-its-computer-systems