Security Breach and Subsequent Leak of Confidential Information

1114 Words3 Pages

When I was hired to teach math at Patrick Henry High School I had no idea of the things to come. Being a math instructor, I somehow was drafted to be part of the CERT at Patrick Henry. You see, CERT stands for Computer Emergency Response Team and as a team member I have certain responsibilities once a “computer emergency” occurs. While I don’t want to spend any time defining what constitutes a “computer emergency”, I will explain the current situation in which I find myself involved.

A certain teacher at our school, who shall remain nameless, pending our CERT investigation, contracted a virus on their computer. As a classified employee, the teacher has access to files which contain students’ personal information, including their full names, home addresses, parents’ names and addresses, as well as the students’ grades for courses taken at the high school level and other personal information. Unfortunately, some of these confidential files were shared via a file sharing server and found their way into the hands of a reporter at the Las Vegas Sun. The reporter at the Sun has since written a report about the breach and has accused the school of inflating grades to boost students’ scores, finding its way into our local paper. The Patrick Henry CERT has been asked to determine the scope of the breach, investigate any whether or not any punishment is applicable and provide recommendations to avoid this in the future.

Currently, these files are stored on a secure database at the district’s headquarters but may be and are accessed at computers located at schools throughout the district. In order to access the files, one needs a computer with suitable capabilities, a typical desktop or laptop with internet access is “suitably...

... middle of paper ...

...e ftp . There was no intent to damage neither the school nor the students. The report of “boosting grades” doesn’t seem valid and the reporter’s evidence for such appears very weak. A brief look at other students’ grades in the teacher’s classes in previous semesters bears no evidence to the reporter’s claim. A statistical analysis is forthcoming which, I believe, will show this as well.

Recommendations:

1. Include in the regular scans of network usage and monitoring and ftp sites.

2. Ban the use of ftp sites while on the district network to prevent any confidential data from being transferred.

3. Educate our teachers and staff about ftp and other file sharing sites, their uses and potential hazards.

4. Add this particular protocol (ban of ftp and other file sharing sites) to the document our staff signs when getting their network user id and passwords.

More about Security Breach and Subsequent Leak of Confidential Information

Open Document