ITS631 Cumberland County Government Laptop Compromised Case Discussion


Cumberland County College

Question Description

Find at least 2 articles relating to the case study described below Dark Reading is a good site for security-related articles). In a minimum of 250-words, summarize the policy and process failures that allowed the breach to occur. Address the impact to an organization when this type of breach occurs, and discuss the steps that you would have taken to ensure that this type of breach wouldn't occur in your organization.

Government Laptop Compromised

On October 31, 2012, NASA notified its employees that a laptop containing personal infor- mation on more than 10,000 employees was stolen. The theft occurred when a laptop containing the information was taken from a locked car. The laptop had a password, but the hard drive was not encrypted. The NASA announcement included a statement that the IT security policies and practices were under review. Additionally, several immediate actions were undertaken, including requiring that all laptops that leave NASA facilities be encrypted.

While the details of the theft are unclear, what is clear is that the laptop was left unattended in a locked car. At many organizations, that would be considered a violation of acceptable use policy. Leaving a laptop with sensitive information unattended is not good practice. Typically, such policies require someone to maintain physical possession of devices when they are brought into public spaces, and to carry them into airline cabins rather than leave them in checked bags.

Also, full disk encryption is commonplace in the industry. For NASA not to require full disk encryption and to permit sensitive information to be placed on a laptop is to be out of compliance with industry norms.

In this case, this was a failure of policy as much as individual actions. Had the laptop been fully encrypted, the loss would have been limited to the device itself. Although the theft probably indicated a violation of acceptable use policy, the actual damage resulting in employees having their personal information stolen and the impact on NASA’s reputation could have been avoided.

Final Answer


Running head: SECURITY





For this case, the failure is in the process of storing sensitive data. In this instance, NASA
had not developed an elaborate process of making sure that sensitive data is stored in a manner
that is secure. For example, they would have put in place regulations that required the laptops
that have sensitive information to be stored inside the company and only to be accessed when the

Kishnewt2017 (29893)

Top quality work from this tutor! I’ll be back!

Heard about Studypool for a while and finally tried it. Glad I did caus this was really helpful.

Thank you! Reasonably priced given the quality


Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors