Q1. List and describe the security weakness at the department of Veterans Affairs.
Ans: The department of Veterans Affairs has several security problems in the areas indicated:
· Not Encrypted Records: Most noteworthy is that all the information data including names, social security numbers, health records and financial records were not encrypted. This makes any outsider easy access to sensitive information.
· Lack of Proper Rules: There are no established rules and regulations in regards to handling and managing the data systems. Among these is the relaxed feeling about this private and sensitive information allowing employees to take the office software and other accessories to their home.
· Cost Savings: The department is too overly concentrated on savings than implementing a secure IT environment. Their resistance to undergo change for a centralized management of IT programs and activities has further weakened the overall enforcement.
· CIO and Chief Information Security Officer lack direct authority to implement regulations.
The above drawbacks clearly show prominent weakness in their security system. This indeed can be rectified.
Q3. How effectively did the VA deal with these problems?
Ans: The VA did not deal with the problems effectively from the start. When the incident occurred, the superior did not tell the Inspector Generals Office and they did not inform the respective authorities. As matter of fact, Jim Nicholson, the secretary of VA learned about this after 13 days. Also, law enforcement was not informed until 2 weeks after it was discovered.
This delayed a thorough investigation to help solve the case. If the respective authorities were informed immediately it would have prevented this dilemma. Seeing the chain of events unfold it is quite obvious of their inability to handle the problem.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment