SOFTWARE AND APPLICATION SECURITY

Identify elements of computer security and controls. (CO 1, 2)
Examine encryption concepts and their application. (CO 1, 2)
Recognize the process and importance of authenticating user identity. (CO 1)
Analyze the importance of information security and the potential consequences following a breach. (CO 1, 2, 5)
On June 4, 2015, the United States Office of Personnel Management (OPM) revealed that the personal information of approximately 4.2 million federal employees was compromised as a result of a cyber intrusion. Later, in what is considered one of the largest breaches to date, the OPM reported that the security information of 21.5 million individuals was further compromised in a separate cyber attack.

As a result of the breach, national security was affected, the director of the OPM was asked to step down. Many wonder how the attack happened and what could be done to protect U.S. citizens in the future. Understanding the attack and how to minimize these types of breaches is essential.

For this assignment, you will be asked to examine reports regarding the OPM breach and write a short analysis about the source of the attack, the methodology, the consequences, and the response.

Read the articles related to the OPM Breach:

Oversight & Government Reform. (2016, September 7). The OPM data breach: How the government jeopardized our national security for more than a generation (Links to an external site.) [PDF file size 42 MB]. Retrieved from https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
Congressional Research Service. (2015, July 17). Cyber intrusion into U.S. office of personnel management: In brief (Links to an external site.) [PDF file size 239 KB]. Retrieved from https://www.fas.org/sgp/crs/natsec/R44111.pdf
Krebs on Security. (2016, September). Congressional report slams OPM on data breach (Links to an external site.). Retrieved from https://krebsonsecurity.com/2016/09/congressional-report-slams-opm-on-data-breach/
Naylor, B. (2016, June). One year after OPM data breach, what has the government learned (Links to an external site.)? Retrieved from http://www.npr.org/sections/alltechconsidered/2016/06/06/480968999/one-year-after-opm-data-breach-what-has-the-government-learned
U.S. Office of Personnel Management. (2015, June). Actions to strengthen cybersecurity and protect critical IT systems (Links to an external site.) [PDF file size 440 KB]. Retrieved from https://www.opm.gov/cybersecurity/cybersecurity-incidents/opm-cybersecurity-action-report.pdf

https://www.federaltimes.com/smr/opm-data-breach/2015/06/19/opm-breach-a-failure-on-encryption-detection/
https://krebsonsecurity.com/2016/09/congressional-report-slams-opm-on-data-breach/

Write a short, 1-3 page paper and respond to the following questions:1

Describe the attack. Based on the readings:
Who were the attackers (threat agents)?
What was their motivation?
What data did they access?
What assets and systems were attacked?
How did they carry out the attack?
How did they attempt to avoid detection?
What were the obvious (and not so obvious) consequences of the attack?
What gaps were there in OPM defenses?
According to the report from Congress, what could have been done to prevent or minimize the impact of such an attack (manage risk and reduce impact)?
What has been done to improve security at the OPM?