
Lab 2 Case Study Executive Summary IS3350

Submitted By Dozier97
Executive Summary on Veterans Affairs (VA) and Loss of Private Information

On 3 May 2006, a Department of Veterans Affairs (VA) laptop was stolen from a VA data analyst’s home in Montgomery County, Maryland. In addition to the laptop, a personal external hard drive was stolen. The external hard drive contained the personal data (names, social security numbers, dates of birth, disability ratings) for 26.5 million veterans and their spouses. It should be noted that the massive data theft was only one of many that had been discovered over the course of 1.5 years. Upon discovery of the theft, the VA employee immediately notified the local police and his supervisors. His supervisors did not notify the Veterans Affairs Secretary until 16 May 2006. On 17 May 2006, the Veterans Affairs Secretary notified the FBI, who began to work with the Montgomery County police to investigate the theft.

There were two main issues in this incident that I identified. Issue 1 was that the VA employee had authorization to access and use the VA databases for performance of his duties. He was not authorized to take the data home, as he had no official need to have it at home. The private data was not properly safeguarded. He failed to password-protect (at the very minimum) and encrypt it. Issue 2 was that the response of managers and senior executives regarding the notification of stolen data was inappropriate and not timely. They failed to determine the magnitude of the data loss. There was a failure to notify appropriate law enforcement entities of the potential impact on VA programs and operations.

I would recommend that the company implement a centralized Agency-Wide Information Technology (IT) security program; implement a patch management program to ensure programs and applications are up-to-date with security patches; implement effective monitoring of networks through the use of electronic scanning in order to proactively identify and correct security vulnerabilities; and deploy and install Intrusion Detection Systems (IDS) in case something happens.
