Security Related Discussion

Anonymous
timer Asked: Jul 1st, 2019
account_balance_wallet $10

Question Description

Find at least 2 articles relating to the case study described below Dark Reading is a good site for security-related articles). In a minimum of 250-words, summarize the policy and process failures that allowed the breach to occur. Address the impact to an organization when this type of breach occurs, and discuss the steps that you would have taken to ensure that this type of breach wouldn't occur in your organization.

Government Laptop Compromised

On October 31, 2012, NASA notified its employees that a laptop containing personal infor- mation on more than 10,000 employees was stolen. The theft occurred when a laptop containing the information was taken from a locked car. The laptop had a password, but the hard drive was not encrypted. The NASA announcement included a statement that the IT security policies and practices were under review. Additionally, several immediate actions were undertaken, including requiring that all laptops that leave NASA facilities be encrypted.

While the details of the theft are unclear, what is clear is that the laptop was left unattended in a locked car. At many organizations, that would be considered a violation of acceptable use policy. Leaving a laptop with sensitive information unattended is not good practice. Typically, such policies require someone to maintain physical possession of devices when they are brought into public spaces, and to carry them into airline cabins rather than leave them in checked bags.

Also, full disk encryption is commonplace in the industry. For NASA not to require full disk encryption and to permit sensitive information to be placed on a laptop is to be out of compliance with industry norms.

In this case, this was a failure of policy as much as individual actions. Had the laptop been fully encrypted, the loss would have been limited to the device itself. Although the theft probably indicated a violation of acceptable use policy, the actual damage resulting in employees having their personal information stolen and the impact on NASA’s reputation could have been avoided.


Tutor Answer

Kishnewt2017
School: UCLA

Attached.

Running head: SECURITY

1

Security
Name
Institution

SECURITY

2

For this case, the failure is in the process of storing sensitive data. In this instance, NASA
had not developed an elaborate process of making sure that sensitive data is stored in a manner
that is secure. For example, they would have put in place regulations that required the laptops
that have sensitive information to be stored inside the company and only to be accessed when the
empl...

flag Report DMCA
Review

Anonymous
awesome work thanks

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors