Académique Documents
Professionnel Documents
Culture Documents
Background
On 3 May 2006, a Department of Veterans Affairs (VA) workstation was stolen from a VA information
expert's home in Montgomery County, Maryland. Notwithstanding the PC, an individual outer hard drive
was stolen. The outside hard drive contained the individual information (names, government disability
numbers, dates of birth, inability appraisals) for 26.5 million veterans and their mates. It ought to be
noticed that the gigantic information burglary was just a single of numerous that had been found through
the span of 1.5 years.Upon disclosure of the robbery, the VA representative promptly told the
neighborhood police and his bosses. His directors did not advise the Veterans Affairs Secretary until the
point that 16 May 2006. On 17 May 2006, the Veterans Affairs Secretary informed the FBI, who started to
Issue 1: The VA representative had approval to access and utilize the VA databases for execution of
authority obligations. He was not, in any case, approved to take it home as he had no official need the
information at home. The private information was not legitimately shielded. He neglected to watchword
secure (at the extremely least) and scramble it. For this, he gets the most elevated respects in the
blockhead class.
Issue 2: The reaction of directors and senior administrators in regards to the warning of stolen
information was unseemly and not auspicious. They neglected to decide the greatness of the information
misfortune. There was an inability to inform proper law authorization substances of the potential effect on
Issue 3: There was an absence of criticalness in advising the Secretary of Veterans Affairs by his prompt
staff. They didn't inform the Secretary until the point when 16 May 2006 – an entire 13 days after the
robbery of information. This was not unmistakably recognized as a high need occurrence and there was
an inability to catch up on the episode until after they got a call from the Inspector General.
Issue 4: Information Security authorities neglected to successfully trigger fitting notices and start an
examination of the stolen information. The data security authority's occurrence report contained
oversights and critical mistakes. This brought about missed chance to re-make the substance of the PC
and outer drive and to perceive the seriousness of the potential loss of information. The cybersecurity
operations authorities neglected to guarantee an auspicious examination and notices were made with
Issue 5: VA Policies, strategies and practices were difficult to recognize, were not present, nor were they
finished. The VA approaches and methodology for protecting against divulgence of private data were
insufficient with respect to keeping the information misfortune occurrence. The approaches and
techniques for revealing and examining lost or stolen private information not all around characterized in
the VA strategies.
Recommendations
1. Actualize a brought together Agency-Wide Information Technology (IT) security program
2. Actualize a fix administration program to guarantee projects and applications are fully informed
3. Execute viable observing of systems using electronic filtering with a specific end goal to proactively
are cutting-edge.
11. Set up one compact and clear VA arrangement on defending ensured information when put away and
not put away on a VA mechanized framework. Guarantee this approach is effectively and promptly
12. Set up a VA approach and systems which give clear and steady gauges to announcing, researching,
and following episodes of misfortune, burglary, or potential exposure of ensured information. Incorporate
particular time allotments and duties regarding announcing inside the VA levels of leadership, Office of
the Inspector General (If fitting or material) and other law authorization organizations. Guarantee the
approach and system determines when it is fitting to advise people whose ensured information may have
been bargained.