In a minimum of 250-words, summarize the policy and process failures that allowed the breach to occur in case study mentioned below:. Address the impact t

In a minimum of 250-words, summarize the policy and process failures that allowed the breach to occur in case study mentioned below:. Address the impact to an organization when this type of breach occurs, and discuss the steps that you would have taken to ensure that this type of breach wouldn’t occur in your organization. Remember to respond to another 2 learners.

Public Sector Case study

Don't use plagiarized sources. Get Your Custom Essay on
In a minimum of 250-words, summarize the policy and process failures that allowed the breach to occur in case study mentioned below:. Address the impact t
Get an essay WRITTEN FOR YOU, Plagiarism free, and by an EXPERT!
Order Essay

In May 2013, Edward Snowden, a National Security Agency (NSA) contractor, met a journalist and leaked thousands of documents detailing how the U.S. conducts intel- ligence surveillance across the Internet. In June 2013, the U.S. Department of Justice charged Snowden with espionage. Not long afterward, Snowden left the United States and finally sought refuge in Russia. The Russian government denied any involvement in Snowden’s actions but did grant him asylum.

While this story reads like a spy novel, it raises a number of information security policy questions. For this discussion is not important whether Snowden was a traitor, a spy, or a whistleblower. The issue here is the security policies and controls that allowed a part-time NSA contractor to gain unauthorized access to highly sensitive material. This is particularly important because in April 2014, the Department of Defense announced adoption of the NIST standards. Would the Snowden breach have been prevented if the NIST standards had been adopted earlier?

Given the secret nature of the NSA, the full details of how this breach of sensitive data occurred may never come out. However, reports indicate that Snowden worked part time for an American consulting company that did work for the NSA in Hawaii. There he gained access to thousands of documents that detailed how the U.S. government works with telecommunication companies and other governments to capture and analyze traffic over the Internet. The details of the scope and nature of this global surveillance program were not publicly known and considered secret.

It’s clear from the reporting that Snowden had excessive access; that is to say, he was granted access beyond the requirements of his job. Additionally, reports indicated that he used other people’s usernames and passwords. He obtained these IDs through social engineering. Finally, consider the way in which he accessed and captured the information. Some reports indicate he used inexpensive and widely available software to electronically crawl through the agency’s networks. There are also indications that he removed the information on a USB memory stick.

If he had used a Web crawler to automate the capturing of thousands of documents, Snowden would have been using software that is widely available over the Internet, and free of charge. Web crawler software simply starts browsing a Web page looking for links and then downloads related content. A Web page then links the Web crawler to another page and the process starts all over again. Thousands of Web pages are quickly scanned in a matter of minutes or hours, depending on the content. More sophisticated Web crawler software looks for specific documents to download. Snowden worked at the NSA for several months, accumulating thousands of documents and reportedly had access

to 1.7 million documents in all. There were clear NIST framework violations. For purposes of this discussion, the focus

is on the network and social engineering. NIST publications outline other standards that were violated, such as effective security management and oversight.

The following four NIST framework network policies were clearly violated:

Sharing of passwords • Excessive access • Penetration testing • Monitoring

It’s never a good idea to share passwords. This would be a clear violation of security policy, especially by anyone handling classified data. Additionally, the level of access must be considered a policy violation. Any security framework generally prohibits granting access not related to the individual’s job function. It’s clear from the volume of material involved in the Snowden affair, and its classified nature, that the access he was granted was excessive for the role he performed.

The NIST framework outlines the guidance on penetration testing. Such testing would have clearly demonstrated the weaknesses of controls that allowed a Web crawler to scan and download thousands of documents. This type of testing and assessment would provide another opportunity to correct the network control deficiencies prior to a breach.

The NIST framework outlines the requirements for effective network monitoring. These requirements require logs to be reviewed in a timely manner. Log reviews are a detective control and essential in identifying potential hackers. Keep in mind Snowden scanned the internal network for months while downloading vast amounts of data. Hackers tend to probe a network for weaknesses prior to a breach. Assume that some of those links the Web crawler attempted to access resulted in an access violation. These violations would have been an indicator of a potential breach in progress. This type of monitoring would have provided another opportunity to correct the network control deficiencies and identify Snowden as an internal hacker.

Finally, consider the lack of controls that allowed Snowden to remove so many documents on a USB memory stick. This unusual activity could have been prevented, or, at a minimum, detected, given the volume of material extracted—especially given that many organizations have in place additional controls to monitor contractor activities.

Some of the specifics of the Snowden breach may never be known. Nonetheless, a security policy framework must be a comprehensive way of looking at information risks and ensuring there are layers of controls to prevent data breaches. This case is typical of a breach occurring over many months, indicating the breakdown of multiple controls. It represents both a lack of effective security policies and lost opportunities to detect a breach over several months.

Quick Homework Essays
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.

See all services