Question 1.
There were several security weaknesses at the VA. First of all, employees could take laptops with sensitive information home and have access to the data outside of the premises. Secondly, the data were not encrypted. At the start of the investigation it was also concluded that the operation system, the password system and detection alerts were not properly secured either. The reporting procedures were not clearly outlined which resulted in the delay of the theft being reported to the law enforcement.
Question 2.
There were a lot of factors that contributed to the weaknesses listed above. First, in 2004 recommendations were made as a result of an audit to centralize IT security systems, to make sure that employees were aware of and followed rules pertaining to data access and complete the implementation of processes related to intrusion detection systems. It was noted that these suggestions were not fully implemented by the management due to strong resistance to change throughout the organization.
Question 3.
To effectively deal with the problems, a lot of changes had to be implemented at the VA. The reorganization plan for the IT operations was approved. The department needed to merge the 2 IT domains in order to fully centralize all the activities. The chief information security officer needed to have greater authority in order to enforce security policies. So, it was decided to raise in rank the chief information officer and the chief information security officer. However, it is not clear from the case study whether the VA was able to fully implement all of these measures in order to solve these issues.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment