On Friday morning, as the Dean of Technology Services, you are called into a meeting to discuss a data security breach involving a list of financial aid students The Provost, the Dean of Alumni Services and Dean of Financial Aid are also present at the meeting The data breach concerns a list that contains student's full name, social security number, and financial aid eligibility The following events occurred A staff member in the Alumni Services Office emails the Director of Financial Aid and requests two work study students He unknowingly attaches an e mail distribution list that contains all alumni e mail IDs The Director of Financial Aid attaches a file, selects Reply All, and sends the e mail back to the staff member The file contains a list of 57 students who are eligible for work study financial aid This file contains student's full name, social security number, and the amount of financial aid The staff member notices that the reply was sent to all alumni However, he did not see any problems, and went home without notifying anyone Some alumni saw the e mail, and deleted the e mail without reading it Some read the e mail and opened the attachment Several alumni e mailed college administration during the night to find out why they were on the distribution list One alumnus who works for the Department of Education's Family Policy Compliance Office opened the email and immediately forwarded the email to the Provost, the Dean of Alumni Services, and Dean of Financial Aid The alumnus is upset that students' privacy and confidentiality were compromised and further stated this is in violation of (the regulatory mandate was intentionally omitted here) After reviewing the scenario, produce a paper that answers both of the following questions Identify and briefly explain the regulatory mandate the scenario is violating Justify your response by identifying the events (i e , the number of the event) that are in clear violation of the mandate According to Turban et al (p 132), what are some security controls that the organization can implement to avoid a similar incident in the future Discuss three controls that are most important in your opinion

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Nov 19, 2023

On Friday morning, as the Dean of Technology Services, you are called into a meeting to discuss a data security breach involving a list of

On Friday morning, as the Dean of Technology Services, you are called into a meeting to discuss a data security breach involving a list of financial aid students. The Provost, the Dean of Alumni Services and Dean of Financial Aid are also present at the meeting. The data breach concerns a list that contains student's full name, social security number, and financial aid eligibility. The following events occurred:

A staff member in the Alumni Services Office emails the Director of Financial Aid and requests two work-study students. He unknowingly attaches an e-mail distribution list that contains all alumni e-mail IDs.
The Director of Financial Aid attaches a file, selects Reply All, and sends the e-mail back to the staff member. The file contains a list of 57 students who are eligible for work-study financial aid. This file contains student's full name, social security number, and the amount of financial aid.
The staff member notices that the reply was sent to all alumni. However, he did not see any problems, and went home without notifying anyone.
Some alumni saw the e-mail, and deleted the e-mail without reading it.
Some read the e-mail and opened the attachment.
Several alumni e-mailed college administration during the night to find out why they were on the distribution list.
One alumnus who works for the Department of Education's Family Policy Compliance Office opened the email and immediately forwarded the email to the Provost, the Dean of Alumni Services, and Dean of Financial Aid. The alumnus is upset that students' privacy and confidentiality were compromised and further stated this is in violation of (the regulatory mandate was intentionally omitted here).

After reviewing the scenario, produce a paper that answers both of the following questions:

Identify and briefly explain the regulatory mandate the scenario is violating. Justify your response by identifying the events (i.e., the number of the event) that are in clear violation of the mandate.
According to Turban et al. (p. 132), what are some security controls that the organization can implement to avoid a similar incident in the future? Discuss three controls that are most important in your opinion.