Vincent Cooper CYB 260 Module Four Privacy Laws and Compliance Controls
4-3 Activity: Privacy Laws & Compliance Controls

Vincent K. Cooper
Department of Computer Science, Southern New Hampshire University
CYB-260-R3460 Legal and Human Factors of Cyb
February 8th, 2024
1. Summarize:

On April 15th, 2015, the OPM discovered that millions of background checks containing very sensitive data had been compromised. This data came in the form of SF-86 forms, which contain the background check information. Even biometric data was compromised, which made services that relied on this form of security unsafe. Although the data was stolen, it is said that the data has not been used since the breach happened.

The breach was originally discovered by security engineer Brendan Saulsbury. Brendan was decrypting pieces of the Secure Sockets Layer (SSL) data traffic that moves through the OPM's private network. What alarmed him was outbound traffic that was not normally there. This was the first sign that the OPM's network had become insecure.

In 2013, a cyber attack took place that began the domino effect of events leading to the 2015 attack. In 2013, the hackers were able to obtain blueprints of the OPM's network, which gave them details on how it was set up and secured. The OPM decided to monitor this attack instead of acting, before deciding in May of 2014 to do a complete system reset. This reset was supposed to purge the hackers from the network. That same month, another group used login credentials stolen from a key point obtained during a previous hack into the OPM network by the 'previous group'. With this information, they were able to create a 'back door' into the network, which effectively made them undetectable when logging into and accessing the network. The OPM had no clue until April 15th, 2015. Because the network infrastructure focused on preventative measures rather than also utilizing and simultaneously focusing on security solutions, the network was compromised by these hackers for possibly over a year without their knowledge.
2. Privacy Laws:

After carefully reviewing each privacy law from the list, I decided that both the E-Government Act of 2002 and the Federal Information Security Management Act (FISMA) of 2002 relate the most to the scenario.

The E-Government Act was enacted to improve the way electronic government processes flow by electing a Federal Chief Information Officer from the Office of Management and Budget. Basically, its purpose is to provide a way for federal agencies to take advantage of how much faster and more efficient government processes are with the use of computers and networks. This includes interactions with citizens and government entities. Background checks would fall under this act. All federal agencies must comply by conducting a privacy impact assessment (PIA) for all new or greatly modified technology that maintains, collects, or disseminates information that is deemed personally identifiable. This also applies to new pieces of data. I believe this act relates to the scenario because they would have had to follow this law, and if they had followed the proper guidelines provided by the Office of Management and Budget (OMB) on conducting a privacy impact assessment, things could have been caught much earlier.

FISMA was enacted with the purpose of improving the security and privacy of sensitive data located within the Federal Government's computer systems. This act also requires the use and creation of computer security designs and plans, which in turn require training for users and owners of these systems. I believe this act is relevant to this scenario because the law would apply to the OPM, since they were tasked with keeping sensitive data safe and they failed to do so. To be more specific, instead of coming up with a security infrastructure that could also act