Page 65 - Cyber Warnings
P. 65
He further testified that he saw a clear and present danger as he was sighing the
document and a risk of exposing and/or compromise of sensitive data for perhaps millions of
veterans. The documents that Davis was asked to sign were Accreditation and Authorizations
[now known as C&A programs] (Miller, 2013).
Data Analysis
The analysis of these two case studies found that both were susceptible to security
breaches because of the challenges that were brought on by an ineffective security system. The
DoD system breach was only found after the system was searched.
The breach lasted 14 hours because there was no alert on the system to show that the system
was breached. The Veteran’s Administration happened because an employee was coerced to
sign certifications for agencies that had not reached accreditation status.
Both cases were shown to have challenges because managers did not understand how the
C&A process should work and did not provide a collaboration between IT and the business side
of the organization. In both cases, IT was seen as a separate entity that was not connected to
other areas of the government.
Conclusion
From these case studies and other research, it is clear that a change in the C&A process
must be made. Employing project management techniques to these projects could save time
and money. The C&A process will also need good time management, strong leadership and risk
management techniques.
References
Edwards, R. (2007). Online: Certification and Accreditation: A dilemma. ISACA. Retrieved from
http://www.isaca.org/Journal/Past-Issues/2007/Volume-3/Pages/JOnline-Certification-
and-Accreditation-A-Dilemma.aspx
Harris, E., and Perlroth, N. (2014, March 13). Target missed signs of a data breached.
Retrieved from http://www.nytimes.com/2014/03/14/business/target-missed-signs-of-a-
data-. breach.html?_r=0
Khoo, B., Harris, P., & Hartman, S. (2010). Information security governance of enterprise
information systems: An approach to legislative compliant. International Journal of
Management and Information Systems, 14(3), 49-55.
Konkel, F. (2014). Latest breach at VA has Congress asking more questions. FCW: The
Business of Federal Technology. Retrieved from
https://fcw.com/articles/2014/01/27/congress- Miller J. (2013) VA's security shortcuts put
millions of veterans' data at risk, former VA cyber official alleges Retrieved from
http://www.federalnewsradio.com/538/3344870/VAs-security-shortcuts-put-millions-of-
veterans-data-at-risk-former-VA-cyber-official-alleges-wants-answers-on-va-breach.aspx
65 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
