Saturday, April 25, 2009

IT Security Issues at Department of VA.

Case study Questions:

Q1:
Some of VA’s IT security issues were:
1- The Department of VA did not have clear rules and regulations governing the transfer of sensitive client personal data, or controls on where data can and cannot be transported.
2- Lack of electronic data encryption, which would further secure data from unauthorized access.
3- Lack of security measures at VA’s office that would have prevented the data from being accessed easily, such as storing the data in a special format requiring special software, accessible only through the department’s secure server connection and only by authorized users.

Q3:
VA did not manage the security breach well. News of the stolen computer did not reach the chain of command properly or on time.
The incident was reported to the manager, but upper managers learned of the incident through ‘office gossip’ and indirect meetings, clearly exhibiting the organization’s lack of communication and contingency plans for such crises.
Finally, it took the VA office two weeks before authorities and the FBI were informed. That was a long time to wait before starting an investigation.

Q4:
As the case states, using special data handling software that is accessible solely through VA’s server-based software with passwords would be an effective way to control access to sensitive information. In addition, having contingency plans in case of a security breach is essential and can help minimize the damage.
They also need to put in place Standard Operating Procedures that define the extent and manner of handling sensitive data outside the organization.
