CYS596 – Capstone Project – M1D1: Encryption, Authentication, and OPM Breach

M1D1: Encryption, Authentication, and OPM Breach

M1D1: Encryption, Authentication, and OPM Breach
This activity will address module outcomes 1, 2, 3, and 4. Upon completion of this activity, you will be able to:

• Identify elements of computer security and controls. (GQ 1, 2)
• Examine encryption concepts and their application. (GQ 1, 2)
• Recognize the process and importance of authenticating user identity. (CO 1)
• Analyze the importance of information security and the potential consequences following a breach. (CQ 1, 2, 5)

In the not-so-distant past, hackers were able to gain access to information systems at a multitude of organizations and U.S agencies, including the U.S Postal Service, the IRS, and the Democratic Party. Though each of these attacks was significant, the loss of data as a result of the breach at the
Office of Personnel Management (OPM) was unlike any other, and it may take years to fully understand the consequences related to the loss of such critical information.

According to a report released by the Committee on Oversight and Government Reform (U.S, House of Representatives, 114th Congress), the data breach at the OPM was the result of a series of gaps that included poor decisions by senior leadership, outdated technology, and challenges surrounding authentication. Multi-factor authentication can make a significant difference in securing an environment. Though this is just one solution, proper implementation could have made a difference at the OPM.

A report released by the Committee on Oversight and Government Reform U.S, House of Representatives 114th Congress listed a series of gaps in security that left the OPM vulnerable to the attack of sensitive information. One of these gaps was related to two-party authentication. Read the articles listed below and discuss the questions related to the OPM breach. You will also be prompted to explore gaps related to encryption and authentication. Use outside references if required.

Please review the following:

• Mohamed, T. S. (2014). Security of Multifactor Authentication Model to Improve
  Authentication Systems. (http://www.iiste.org/Journals/index.php/IKM/article/viewFile/13871/13939). Information and Knowledge Management, 4(6). Retrieved from
  http://www.iiste.org/Journals/index. php/IKM/article/viewFile/13871/13939
• Krebs on Security. (2016, September). Congressional report slams OPM on data breach. (https://krebsonsecurity.com/2016/09/congessional-report-slams-opm-on-data-breach/). Retrieved from https://krebsonsecurity.com/2016/09/congressional-report-slams-opm-on-data-breach/
• Andersen, I. (2014, September 25). Why multi-factor authentication is a security best (https://excelsior.instructure.com/courses/37164/files/18151022/download?download_frd=1). Retrieved from https:/Awww.scmagazineuk.com/why-multi-factor-authentication-is-a-securitybest-practice/article/540513/
• Oversight & Government Reform. (2016, September 7). The OPM data breach: How the government jeopardized our national security for more than a generation (https://excelsior.instructure.com/courses/37164/files/18151005?wrap=1). (https://excelsior.instructure.com/courses/37164/files/18151005/download) [PDF file size 44 MB]. Retrieved from https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-BreachHow-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf

Respond to the following:

• After the OPM breach, members of Congress noted that there were significant challenges surrounding the security related to the people, processes, and technology at the OPM. Basically, the culture was not a culture of security. The report stated that one of the primary problems at OPM was a leadership problem.

1. Discuss why and how leadership failed at the OPM. Do you agree?
2. What types of encryption and security measures were they using?
3. Outline the gaps related to the people, processes, and technology, and discuss the security culture (or lack thereof) at the OPM. What could have been done differently?

Post your primary response. Read any postings already provided by your instructor or fellow students. Read and respond to the conclusions drawn by at least two of your classmates. Remember to read the feedback to your own major postings and reply to it throughout the module.