Question
Please read the below article titled “VA Ignores Cybersecurity Warnings”
https://www.pcworld.com/article/126093/article.html
Note: When reading the article, place yourself in the position of the person called to prevent the situation from happening again. Where do the vulnerabilities begin?
Discuss the following questions:
1) What laws have been violated?
2) What do you think contributed to the problems that could lead to a violation of these laws?
3) What are the implications to the individual and organization of these violations?
4) What are some security controls and mitigation strategies for handling future violations? (Name three to five)
5) How does privacy law differ from information systems security?
Please help me answer the above questions.
Explanation / Answer
Where do the vulnerabilities begin?
The vulnerabilities begin when the warnings issued by the auditors were ignored by the VA. The failing grade in the annual cybersecurity review also indicated the issue with security and the level of risk they were at.
What do you think contributed to the problems that could lead to a violation of these laws?
The failure to implement the acts and standards needed to comply and keep data secure led to the violation of laws. The non-compliance and failure to achieve the required controls led to the violation. Also, the lack of understanding of privacy laws by management and the inability to keep their employees updated about privacy.
What laws have been violated?
Laws violated are:
The Privacy Act
HIPAA
E-Government Act
What are the implications to the individual and organization of these violations?
The identities of the individuals were compromised; all data and information related to them was at risk. The data compromised included SSNs, dates of birth and other personal information related to the veterans.
The organization had to bear much greater financial losses than expected to fix the VA problems.
What are some security controls and mitigation strategies for handling future violations? (Name three to five)
Some Security Controls and mitigation strategies would be -
1. All employees should undergo security awareness training, and employees handling sensitive data should undergo all mandatory background checks and training.
2. Implement physical controls to restrict access, monitor all employee movement and encrypt all sensitive data. Access to sensitive data should be restricted to employees on a need-to-know basis.
3. Periodically perform vulnerability scanning and penetration testing, and also third-party audits, to ensure security.
How does privacy law differ from information systems security?
Information Systems Security is about keeping your data protected by ensuring Confidentiality, Integrity and Availability of data, that is, data should not be accessible to unauthorized persons, data should not be altered in transit and data should be available as and when required, whereas Privacy is about how individuals keep information about themselves, to what extent, and what information they want to secure.