CASE STUDY 2: Data Breaches and Regulatory requirement
The National Institute of Standards and Technology (NIST) provides an extensive amount of information, resources, and guidance on IT and information security topics. The Federal Information Security Management Act (FISMA) provides standards and guidelines for establishing information security within federal systems. However, there have been, and continues to be, numerous security incidents including data breaches within federal systems. Review the information about FISMA at the NIST Website, located at http://csrc.nist.gov/groups/SMA/fisma/index.html. Additionally, review the information, located at http://www.govtech.com/blogs/lohrmann-on-cybersecurity/Dark-Clouds-Over-Technology-042212.html, about the data breaches within government systems.
Select one (1) of the data breaches mentioned to conduct a case analysis, or select another based on your research, and research more details about that incident to complete the following assignment requirements.
Write a three to five (3-5) page paper on your selected case in which you:
Describe the data breach incident and the primary causes of the data breach.
Analyze how the data breach could have been prevented with better adherence to and compliance with regulatory requirements and guidelines, including management controls; include an explanation of the regulatory requirement (such as from FISMA, HIPAA, or others).
Assess if there are deficiencies in the regulatory requirements and whether they need to be changed, and how they need to be changed, to mitigate further data breach incidents.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length.
The specific course learning outcomes associated with this assignment are:
Describe legal compliance laws addressing public and private institutions.
Examine the principles requiring governance of information within organizations.
Use technology and information resources to research legal issues in information security.
Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.
Click here to view the grading rubric for this assignment.