Question

CASE STUDY
U.S. Office of Personnel Management Data Breach: No Routine Hack

The U.S. Office of Personnel Management (OPM) is responsible for recruiting and retaining a world-class workforce to serve the American people and is also responsible for background investigations on prospective employees and security clearances. In June 2015, the OPM announced that it had been the target of a data breach targeting the records of as many as 4 million people. In the following months, the number of stolen records was upped to 21.5 million. This was no routine hack. It is the greatest theft of sensitive personnel data in history.

Information targeted in the breach included personally identifiable information such as social security numbers as well as names, dates and places of birth, and addresses. Also stolen was detailed security clearance related background information. This included records of people who had undergone background checks but who were not necessarily current or former government employees.

The data breach is believed to have begun in March 2014 and perhaps earlier, but it was not noticed by the OPM until April 2015, and it is unclear how it was actually discovered. The intrusion occurred before OPM had finished implementing new security procedures that restricted remote access for network administra…

…is conducted, may have been extracted. Government officials say that the exposure of security clearance information could pose a problem for years.

The Central Intelligence Agency (CIA) does not use the OPM system, and its records were protected during the breach. However, intelligence and congressional officials worried that the hackers or Chinese intelligence operatives could still use the detailed OPM information they did obtain to identify U.S. spies by process of elimination. If they combined the stolen data with other information gathered over time, they could use big data analytics to identify operatives.

The potential exposure of U.S. intelligence officers could prevent many of them from ever being posted abroad again. Adm. Michael S. Rogers, director of the National Security Agency, suggested that the personnel data could also be used to develop spear phishing attacks on government officials. In such attacks, victims are duped into clicking on what appear to be emails from people they know, allowing malware into their computer networks.

The stolen data also included 5.6 million sets of fingerprints. According to biometrics expert Ramesh Kesanupalli, this could compromise secret agents because they could be identified by their fingerprints…
…s managed. OPM did not maintain an inventory of systems and baseline configurations, with 11 servers operating without valid authorization. The auditors could not independently verify OPM's monthly automated vulnerability scanning program for all servers. There was no senior information security specialist or chief information security officer (CISO) responsible for network security. OPM lacked an effective multifactor authentication strategy and had poor management of user rights, inadequate monitoring of multiple systems, many unpatched computers, and a decentralized and ineffective cybersecurity function. Sensitive data were unencrypted and stored in old database systems that were vulnerable. What's more, OPM used contractors in China to manage some of its databases. These deficiencies had been pointed out to OPM over and over again since a FISMA audit in 2007. OPM had the vulnerabilities, no security-oriented leadership, and a skillful and motivated adversary.

Some security experts see OPM's vulnerabilities as a sign of the times, a reflection of large volumes of data, contemporary network complexity, weak organizational and cultural practices, and a legacy of outdated and poorly written software. As Thomas Bayer, CIO at Standard & Poor's Ratings, explained, until you have a serious data breach like the OPM hack, everyone invests in other things. It's only when a massive data breach occurs that organizations focus on their infrastructure. The expertise and technology for halting or…

…Director for Barack Obama's 2012 presidential reelection campaign. CIO Donna Seymour, who was supposed to advise Archuleta on how to manage risk in IT systems, was a career government employee for more than 34 years. She had some IT and management roles at the Department of Defense and other agencies and has a degree in computer science but no specific expertise in cybersecurity. It is also difficult to bring in experienced managers from the business world because federal government pay scales are so low. A chief information officer (CIO) or chief information security officer (CISO) in the federal government would probably be paid about $168,000 annually, whereas an equivalent position in the private sector would probably have annual compensation of $400,000.

Since the OPM break-in, there has been a massive effort to rectify years of poor IT management. OPM is moving toward more centralized management of security. Information system security officers (ISSOs) report directly to a CISO. These positions are filled by individuals with professional security… OPM hired a cybersecurity advisor, Clifton Triplett, and increased its IT modernization budget from $31 million to $87 million, with another $21 million scheduled for 2016.

OPM told current and former federal employees they could have free credit monitoring for 18 months to make sure their identities had not been stolen, but it has been slapped with numerous lawsuits from victims…
…though the U.S. government has spent at least $65 billion on security since 2006.

Sources: Sean Lyngaas, "What DHS and the FBI Learned from the OPM Breach," FCW, January 11, 2016; Brendan L. Koerner, "Inside the Cyberattack that Shocked the U.S. Government," Wired, October 23, 2016; Michael Adams, "Why the OPM Hack Is Worse Than You Imagined," Lawfare, March 11, 2016; Adam Rice, "Warnings, Neglect and a Massive OPM Breach," SearchSecurity.com, accessed June 15, 2016; Steve Rosenbush, "The Morning Download: Outdated Tech Infrastructure Led to Massive OPM Breach," Wall Street Journal, July 10, 2015; Mark Mazzetti and David E. Sanger, "U.S. Fears Data Stolen by Chinese Hacker Could Identify Spies," New York Times, July 24, 2015; Damian Paletta and Danny Yadr, "OPM Ratchets Up Estimate of Hack's Scope," Wall Street Journal, July 9, 2015; and David E. Sanger, Nicole Perlroth, and Michael D. Shear, "Attack Gave Chinese Hackers Privileged Access to U.S. Systems," New York Times, June 20, 2015.

CASE STUDY QUESTIONS

8-13 List and describe the security and control weaknesses at OPM that are discussed in this case.
8-14 What people, organization, and technology factors contributed to these problems? How much was management responsible?
8-15 What was the impact of the OPM hack?
8-16 Is there a solution to this problem? Explain your answer.

MyLab MIS
Go to the Assignments section of MyLab MIS to complete these writing exercises.

8-17 Describe three spoofing tactics employed in identity theft by using information systems.