Is3350 Unit 2 Assignment 1 - 807 Words

Executive Summary on Veteran’s Affairs (VA) and Loss of Private Information IS3350 Unit 2 Assignment 1: Executive Summary on Veteran’s Affairs (VA) and Loss of Private Information Background On 3 May 2006, a Department of Veterans Affairs (VA) laptop was stolen from a VA data analyst’s home in Montgomery County, Maryland. In addition to the laptop, a personal external hard drive was stolen. The external hard drive contained the personal data (names, social security numbers, dates of birth, disability ratings) for 26.5 million veterans and their spouses. It should be noted that the massive data theft was only one of many that had been discovered over the course of 1.5 years. Upon discovery of the theft, the VA employee†¦show more content†¦This was not clearly identified as a high priority incident and there was a failure to follow up on the incident until after they received a call from the Inspector General (Opfer, 2006). Issue 4: Information Security officials failed to effectively trigger appropriate notifications and begin an investigation of the stolen data. The information security official’s incident report contained omissions and sign ificant errors. This resulted in missed opportunity to re-create the contents of the laptop and external drive and to recognize the severity of the potential loss of data. The cybersecurity operations officials failed to ensure a timely investigation and notifications were made regarding the severity of the lost data (Opfer, 2006). Issue 5: VA Policies, procedures and practices were not easy to identify, were not current, nor were they complete. The VA policies and procedures for safeguarding against disclosure of private information were inadequate with regard to preventing the data loss incident. The policies and procedures for reporting and investigating lost or stolen private data not well-defined in the VA policies (Opfer, 2006). Recommendations 1. Implement a centralized Agency-Wide Information Technology (IT) security program. 2. Implement a patch management program to ensure programs and applications are up-to-date with security patches. 3. Implement effective monitoring of networks through the use of electronic scanning in order to