An aircraft manufacturing company located in California, with contacts in the U.S. government, had a data breach. Data stolen included employee records containing employee names, addresses, social security numbers, and bank account numbers. It also included current aircraft blueprints. It was determined that the breach occurred due to an open remote access computer an employee set up with a simple password, for ease of working from home.
After reviewing the scenario, list the laws that impact this data breach. Describe the steps the company has to take in order to comply with the identified laws. Also, describe the IT controls the company needs to set up for information security in order to prevent a similar breach in the future.
You must cite examples from state breach notification laws and FISMA.
Expert Answer
Coming to the laws that California data security breach notification law was came in to existance in 2002 and become effective on 2003.In general most of the state laws will follow basic tenets of California’s original law.
IT controls the company needs to set up for information security in order to prevent a security breach in the future.
Wheather it is a small company or big company you need to have a better plan the check the security of the company including total assests.here such plan is called security progarm and this will be planned by IT professionals.It will help you to think holistically about your organization’s security and whether it is a big or small.This program will surely help you in a manner that providing the solutions you may face and will keep the company at a desired security level.By using this we can mitigate them and we can plan how you are going to keep the program(data) safe and secure up to date.
The tasks should include in the program like Better to disable user accounts when an employee leave the organization.Check the logs on dialy basis and review it perfectly by adminstrators.Should do the regular network scans.This will help the administartor to know the issues on dialy basis and should monitor the outbound network traffic.
Complete elimination of security breeach is impossible.But if we follow the above steps we can prevent.