Discuss why and how leadership failed at the OPM. Do you agree?

By

This activity will address module outcomes 1, 2, 3, and 4. Upon completion of this activity, you will be able to:
Identify elements of computer security and controls. (CO 1, 2)
Examine encryption concepts and their application. (CO 1, 2)
Recognize the process and importance of authenticating user identity. (CO 1)
Analyze the importance of information security and the potential consequences following a breach. (CO 1, 2, 5)
In the not-so-distant past, hackers were able to gain access to information systems at a multitude of organizations and US agencies, including the US Postal Service, the IRS, and the Democratic Party. Though each of these attacks was significant, the loss of data as a result of the breach at the Office of Personnel Management (OPM) was unlike any other, and it may take years to fully understand the consequences related to the loss of such critical information.
According to a report released by the Committee on Oversight and Government Reform (U.S. House of Representatives, 114th Congress), the data breach at the OPM was the result of a series of gaps that included poor decisions by senior leadership, outdated technology, and challenges surrounding authentication. Multi-factor authentication can make a significant difference in securing an environment. Though this is just one solution, proper implementation could have made a difference at the OPM.
A report released by the Committee on Oversight and Government Reform U.S. House of Representatives 114th Congress listed a series of gaps in security that left the OPM vulnerable to the attack of sensitive information. One of these gaps was related to two-party authentication. Read the articles listed below and discuss the questions related to the OPM breach. You will also be prompted to explore gaps related to encryption and authentication. Use outside references if required.
Please review the following:
Mohamed, T. S. (2014). Security of Multifactor Authentication Model to Improve Authentication Systems. Information and Knowledge Management, 4(6). Retrieved from http://www.iiste.org/Journals/index.php/IKM/article/viewFile/13871/13939
Krebs on Security. (2016, September). Congressional report slams OPM on data breach. Retrieved from https://krebsonsecurity.com/2016/09/congressional-report-slams-opm-on-data-breach/
Andersen, T. (2014, September 25). Why multi-factor authentication is a security best practice. Retrieved from http://www.scmagazineuk.com/why-multi-factor-authentication-is-a-security-best-practice/article/373462/
Oversight & Government Reform. (2016, September 7). The OPM data breach: How the government jeopardized our national security for more than a generation [PDF file size 42 MB]. Retrieved from https://web.archive.org/web/20160930153838/https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdff
SC Media. (2014). Understanding encryption and key management [Video file] [6 min 07 sec]. Retrieved from https://youtu.be/I_fGaB0HjFM
Respond to the following:
After the OPM breach, members of Congress noted that there were significant challenges surrounding the security related to the people, processes, and technology at the OPM. Basically, the culture was not a culture of security. The report stated that one of the primary problems at OPM was a leadership problem.
Discuss why and how leadership failed at the OPM. Do you agree?
What types of encryption and security measures were they using?
Outline the gaps related to the people, processes, and technology, and discuss the security culture (or lack thereof) at the OPM. What could have been done differently?

How to create Testimonial Carousel using Bootstrap5

Clients' Reviews about Our Services