Security Audit This assignment will assess the following competency: Prepare for
ID: 3890452 • Letter: S
Question
Security Audit
This assignment will assess the following competency: Prepare for evidence submission while adhering to reasonable practices of Handling, Chain of custody, Collection, Identification, Transportation, Storage, and Documentation of the investigation.
Directions: Evaluate the LP3 Case Study, which is a real-world scenario, and write a security audit paper to include your case analysis procedures, findings, and conclusion in a scholarly format. You may explore other Internet-based resources to further investigate the case for your data collection.
LP3 Case Study
An internal investigation found the Department of Veterans Affairs' data security is so poor a data breach is "practically unavoidable" within 18 months, according to a draft of the VA's report. "It's practically unavoidable that a data breach to financial, medical, and personal Veteran and employee protected information may occur within the next 12 to 18 months, with no way of tracking the source of the breach," according to a report obtained by Military.com and first reported by CNBC. The VA's Office of Information & Technology Risk Management Team completed the assessment in July and found the department was "noncompliant with its own privacy and security policies and with federal laws and regulations," the draft report stated. "The VA cannot ensure the safety and privacy of Veteran and employee healthcare, benefits, and financial information," a heavily redacted version of the report stated. However, the VA claimed the report may not be completely accurate. VA officials said the assessment did not take into account all of the security factors the VA already has in place for its systems and network
Explanation / Answer
The VA accentuated the report was just an underlying draft.VA pioneers have since found a way to approve the worries in the report or set up extra insurances, an authority said.The VA did not determine why the VA's Information and Technology Risk Management Team would not know about the full scope of the VA's information security system."VA considers important its commitment to legitimately shield any individual data inside our possession.VA has set up a solid, multi-layered guard to battle advancing cybersecurity dangers," said Genevieve Billia, a VA representative.
The VA holds individual records for around 20 million veterans, representatives and wards.
In January, the VA supported a "product deformity" on its eBenefits site and discharged individual points of interest for more than 5,000 people.Two years sooner, the VA erroneously discharged information to the site Ancestry.com.
In spite of the VA's claims that the issue is not as grave as the draft report proposed, individuals from the House Committee on Veterans' Affairs are concerned.Rep. Jackie Walorski, R-Ind., said these sorts of dangers are the reason the panel requested that the VA offer credit checking administrations to veterans and wards in the VA database.
"It's officeholder upon VA to illuminate what particular bits of this report were mistaken and what changes have been made since the report has been finished," Walorski said. "Is an information rupture to veterans' money related, therapeutic and individual data 'basically unavoidable' as the report states? If not, how likely is it? VA owes it to America's veterans and American citizens to answer these inquiries in short request."
The VA's Information and Technology Risk Management Team found the VA's framework did not agree to the Health Insurance Portability and Accountability Act's Security Rule, the Federal Information Security Management Act, and the Fiscal Integrity Act."The result will be a huge plausibility that improper record access may cause unintended presentation of Veteran representative ensured data bringing about suit, Congressional examination, fines and settlements," the report expressed.
VA pioneers underscored the division has set up a "forceful program to recognize and address dangers."
The VA has outlined a framework to legitimately figure and evaluate dangers to veterans' information, an authority said."VA is focused on ensuring Veteran data, proceeding with its endeavors to fortify data security, and setting up the innovation and procedures to guarantee Veteran information at VA are secure," Billia said.