Description
This is the first case study for the course and it will be based upon the case study text: Public Sector Case Study - Edward Snowden - pg. 226
In reading the excerpt from the textbook on what happened and how Snowden was able to access the data that he did, write a mini-security policy following the security template in Chapter 7 (pg. 185). Highlight at least three policies that you feel were violated in this case and address the policies that need to be in place to prevent those violations from occurring in the future. Make sure to incluce enough detail that it could be amended to an existing policy and clear enough that any/all employees know what the new policy addresses.
Part 1:
Write 2-3 paragraphs at the beginning of your paper explaining the three issues you want to address and why. Follow APA guidelines for paper format and make sure to check spelling/grammar prior to submitting.
Part 2:
Write your mini-security policy following the template in textbook addressing the three issues you identified.
Unformatted Attachment Preview
Purchase answer to see full attachment
Explanation & Answer
Attached.
Running head: CASE STUDY
1
Case Study
Name
Institutional Affiliation
Part 1
Public Sector Case Study
As a systems administrator, Edward Snowden conducted contract work for the NSA
where he obtained documents containing classified information that he subsequently released to
the press. However, the acquisition of such documents raised concerns about the agency’s
network security. There are three policies that Snowden violated in his search through NSA
systems that will be addressed in the present analysis. First, Snowden obtained the information
using social engineering. He used his position to acquired elevated privileges and increased
access using his colleagues’ login credentials. He proceeded to defeat security controls that were
set in place to compartmentalize data and ensure access to data on the basis of need to know.
Second, the issue of password sharing comes ...