Description
In reading the excerpt from the textbook on what happened and how Snowden was able to access the data that he did, write a mini-security policy following the security template in Chapter 7 (pg. 185). Highlight at least three policies that you feel were violated in this case and address the policies that need to be in place to prevent those violations from occurring in the future. Make sure to incluce enough detail that it could be amended to an existing policy and clear enough that any/all employees know what the new policy addresses.
Part 1:
Write 2-3 paragraphs at the beginning of your paper explaining the three issues you want to address and why. Follow APA guidelines for paper format and make sure to check spelling/grammar prior to submitting.
Part 2:
Write your mini-security policy following the template in textbook addressing the three issues you identified
Explanation & Answer
Please find the answer in the attachment below
Running head: SECURITY ISSUES & IMPLEMETNATION PROCESS
Edward Snowden Case Study
Student’s Name
Institutional Affiliation
Date
\
1
SECURITY ISSUES & IMPLEMETNATION PROCESS
2
Part 1: IT Security Issues
The case of Edward Snowden being able to leak information of how the U.S. conducts
their intelligence surveillance via the internet is an example of why every organization needs
effective practice when it comes to IT security policies and standard maintenance. Snowden was
able to do this because he worked as a National Security Agency (NSA) that enabled him to have
easy access to the U.S data control systems (Landau 2013). Additionally, he used the
identification of other people to access authorization of the unauthorized areas. He was able to
get the ID’s and different passwords through the system engineering which made it had for any
security term to be alerted of the situation and released sensitive information about the United
States government (Johnson 2015). There are three IT security policies that were affected in
Snowden case, the access control policy, password management policy, and incidence response
policy.
The access control policy will focus on ensuring that only the authorized individuals can
access confidential data and very minimal chances for an unauthorized per...