On 3 May 2006, a Department of Veterans Affairs (VA) laptop was stolen from a VA data analyst’s home in Montgomery County, Maryland. In addition to the laptop, a personal external hard drive was stolen. The external hard drive contained the personal data (names, social security numbers, dates of birth, disability ratings) for 26.5 million veterans and their spouses. It should be noted that the massive data theft was only one of many that had been discovered over the course of 1.5 years.
Upon discovery of the theft, the VA employee immediately notified the local police and his supervisors. His supervisors did not notify the Veterans Affairs Secretary until 16 May 2006. On 17 May 2006, the Veterans Affairs Secretary notified the FBI, who began to work with the Montgomery County police to investigate the theft.
Results and Conclusions:
Issue 1: The VA employee had authorization to access and use the VA databases for performance of official duties. He was not, however, authorized to take the data home, as he had no official need to have it there. The private data was not properly safeguarded. He failed to password-protect (at the very minimum) and encrypt it (Opfer, 2006). For this, he receives the highest honors in the idiot category.
Issue 2: The response of managers and senior executives regarding the notification of stolen data was inappropriate and not timely. They failed to determine the magnitude of the data loss. There was a failure to notify appropriate law enforcement entities of the potential impact on VA programs and operations (Opfer, 2006).
Issue 3: There was a lack of urgency in notifying the Secretary of Veterans Affairs by his immediate staff. They did not notify the Secretary until 16 May 2006 – a full 13 days after the theft of data. The theft was not clearly identified as a high-priority incident, and there was a failure to follow up on it until after they received a call from the Inspector General (Opfer, 2006).
Issue 4: