Name
Professor
Course
Date
Executive Summary
In 2015, when a data breach occurred in the USA federal government, millions of data files
were affected. Computer data files of 4.2 million current and former employees
were compromised. Compromised data in the breach comprised social security numbers, dates of
Reports on the data came from government workers who did not want to be named because
they lacked authority. They explained that the Office of Personnel Management, which handles employee
Before a full investigation, Senator Susan Collins, a member of the Senate Intelligence
Committee, stated that the data breach was based in China. Zhu Haiquan, the Chinese
spokesperson, explained that the attack might have been conducted from anywhere and that it was
difficult to track the source of the attack. OPM gave a media report on the cyber attack explaining
that it affected data on the previous and current employees who worked
Mission
Lead and serve the federal government in human resource management through service and
Vision
Add four insurance carriers to federal employee insurance and dental program.
Goals
1. Pay, transform hiring and benefits in the federal government to retain and attract civilian
emerging needs
Background
Cyber security is the practice of safeguarding data and organization from unauthorized
computer hardware and software. Cyber security and computer security are both concerned with
security; however, there are differences between cyber security and computer security. The
differences include:
Data flow is the process of data transmission in data packets through data cables. Deploying
NFAT is the process of moving the nuclear factor of activated cells in computer forensics. The
two processes involve movement in computer technology; however, there are differences between
the two. For instance, data flow involves data movement for the purpose of data processing, while
deploying NFAT is a process of moving factors of activated cells as part of a computer forensic
investigation.
Vulnerabilities
People
Workers in the federal government are responsible for the security of information on former
and current employees. There are protocols that are followed to ensure security measures are
employed professionally; however, if the protocols are not followed, security risks increase. There
are several ways employees make the organization prone to vulnerabilities. For instance,
according to the OPM, employees had not set up strong passwords. Weak passwords
made it easy for hackers to guess or retrieve passwords. While using public domains, workers
enabled the remember-password feature, and hackers were able to retrieve the passwords.
Employees have also been reported to have left systems running after working hours;
leaving OPM computers connected to the internet while dormant has made them prone to
attacks. Employees have also been installing software from pirate websites. Software from
pirate websites is malicious; it has bugs and viruses. After installation, some of that
software has been used to retrieve user names and passwords, which hackers use to retrieve
Processes
Processes in the organization for data handling are organized and must be followed as
planned. Failure to follow the processes makes the organization vulnerable in the following
ways. For instance, employees are supposed to log in to
the data systems and perform data functions, after which they are supposed to log out of the
system. Failure to follow procedures makes the organization prone to data and information hacks
through the different processes. When citizens have requested investigation into cases, data
and information on the cases is shared through the internet. Data and internet shared through the
Technology
Technology in an organization is an advantage as well as a risk. Workers take time to learn new
technology, and in that process the organization is prone to attacks by expert criminals who
understand the technology better. Technology that is new in the market has not been
tested properly, which makes it risky for the organization to use. For instance, data processing
software backs up data in public cloud domains; the data and information in public cloud domains
can be accessed through simple processes such as a Google search or specific search terms. New
technology which does not have tested security measures can risk data leakage, data that has
Hardware
Hardware components are used in federal government offices to store data and information,
and measures are employed to ensure the data is safe. If the hardware is not compatible
Data breach in USA federal government 6
with the security measures, the data and information are prone to vulnerabilities such as viruses and
hacks. Computer hardware must be able to handle computer software security and the other security
measures involved to ensure data and information are secure. Hardware can only be accessed
through the internet and the software installed on the hardware. The hardware type determines the security level
that can be installed on the hardware. If the security measures set in the hardware are not
compatible with the hardware, data and information will be at risk of being accessed without the
required authority.
Software
Software is used for data storage and for setting security parameters in the computer hardware.
If software security settings are not set properly, the data becomes vulnerable to hacking and security
threats. Users install new software downloaded from pirate sites; such software
contains malicious files that are used to retrieve data and information. Automatic software
installation is a security risk: as users access public domains, they come across software. Clicking
on the software initiates automatic installation on the working system, automatic installation
External Vulnerabilities
There are other vulnerabilities apart from those mentioned above. These vulnerabilities make it easy
to hack data and leave it prone to attacks in the form in which it is currently kept. For
instance, network connections to outside organizations are an external risk because they are not
monitored. Internet access is not restricted, so hackers are able to access the federal
government through the website. Hackers pretend to be normal internet users while in the end
they try to gain access to information which they are not allowed to access.
Threats
Threats to the organization must be identified in order to set measures that will ensure the threats are dealt
with for the safety of organization data and information. There are several ways of identifying
People
There are several threats which people in the organization create; these threats make it easy
to hack or access the data without authority. Every employee has a duty towards
ensuring the security of data. If employees are ignorant of their duties, security measures on the data
are not set up properly, which then makes the data vulnerable to attacks.
Processes
There are processes involved in the handling of data and information in the organization. If
the processes are not followed as intended, data and information are at risk. There
are organizational information and data handling procedures which make it risky to handle data
and information; these processes make data and information open to unauthorized access.
Technology
Technology is changing, and employees have to learn new techniques on how to handle the
data. Employees have to learn new technology that will be used in data handling; while they are
carrying out procedures they are not conversant with, the data is at risk.
External Threats
Data handling components include hardware and software components. The components might
face threats from the external environment. Weather affects hardware components: if it is hot or
cold, components freeze or heat up, and this prevents them from working properly. External
threats are risks to data and information; failure to contain external threats makes
organizational data and information prone to attacks. Weather is an external threat:
when it is hot or cold, this interferes with access to information. Computer systems fail in poor
weather conditions; the failures put security measures at risk, and
as systems resume, IT personnel have to work on the security measures to ensure they are
intact. While systems are being worked on, organizational information is at risk of access by
unauthorized personnel.
Risks
Management Risks
Management in the organization are the overall decision makers. Before new technology can be
embraced in the organization, top management must be able to decide whether the
technology will serve the company’s interest. If organization management make a wrong
decision on any of the above-mentioned aspects, the organization's data and
information will be at risk of being hacked. For instance, organization management might decide
to choose certain devices that will be used to process organizational information; if the systems
do not work as expected, top management have made the wrong decision and this makes
Operational Risks
Operations in an organization have to follow a planned process; in this case, for instance,
there are planned processes for handling data and information. Planned procedures in the
organization can lead to information and data vulnerability because the processes expose the data.
For instance, organizational data is transferred through the internet; the internet is not restricted,
and this leaves the process open to interference. Other data processes are done in the public
domain. The public domain is not secure; data and information processes that are carried out
over the internet make the work processes risky, and the information communicated can be
hacked.
Technology Risks
Every organization must embrace technology. Technology in the organization helps to make work
processes easier, but technology is a risk to organizational data and information in several ways. For
instance, if employees are not conversant with the technology being used, their lack of proper
knowledge of it gives hackers a better
chance to access information without authority. Technology as an invention has the risk of
failing at times, and all organizational data and information is handled through technology. Failure of
the technology used to handle data makes it easy for hackers to access the information of the same
External Risks
Apart from the internal risks in the organization, there are external risks that
make data and company information easy to access without authority. Hackers might
impersonate citizens who have requested private investigation and gain entry to the
organization's system without authorized access. Service providers also pose a risk to the
organization: hackers may identify weaknesses in the systems provided, or they may impersonate
the service providers to gain entry which they do not have permission to access.
Classifying Risk
Risks to organizational data and information fall under internal or external risks. All the entities
in the organization fall under internal risks, while the rest are classified as external risks. People,
processes and technology are internal risks, while weather and all other external entities that
Countermeasures
There are internal and external risks to the organization; countermeasures must be
employed to minimize both the internal and external risks. Countermeasures the organization
Penetration Testing
Countermeasures that have been put in place must be tested to understand whether they are
working properly. Every countermeasure must be tested as a demonstration that it is penetration
proof.
Security models are employed to ensure data and information on the organization is secure.
There are several security models that are deployed to ensure data and information is secure from
unauthorized access.
Additional security measures must be employed to ensure data and information is secure from
unauthorized access.
Recommendations
Appendix B: Business Case for (Insert the name of your organization and make sure this is
on its own page)
I. Overall Organization Security Posture
a. Pre-Breach Posture
b. Pre-Breach Risks
c. Post-Breach Posture
d. Post-Breach Risks
II. Security Mechanisms Recommendations
III. Implementation Plan
a. Step 1 (add steps as needed and add a name to the step)
IV. Security Objectives
a. Confidentiality
b. Integrity
c. Availability