Identity Theft Response
You have successfully presented an expanded Mobile Device
Management Policy, which was approved by the CEO. He now
wants you to work on a response plan for identity theft, which
you proposed a few weeks earlier as part of a series of four
cybersecurity projects.
The CEO says to you, "The Incident Response Plan will be our
company's action plan to recover should the 'worst' occur. In
our case, the 'worst' would be a breach of the company's
security that could occur through the theft of customers'
personally identifiable information, possibly through an
individual's mobile device. Such a breach could compromise the
integrity of the financial institution's data."
The CEO continues: “It is your responsibility to be fully
prepared, and I want you to ask your team some ‘What if’
questions.”
“Specifically, I want you to ask: What if our customer
information system is compromised internally by a misguided
employee? What do we do? And, What if the system is breached
by an external hacker and all our customer records are
exfiltrated and/or deleted? How would we respond?”
You know that any stolen identity might be that of an employee
and/or the identities within the customer information module,
which would affect a large number of accounts. Either way,
even the slightest breach would be serious, and not having an
approved, executable plan of action would only compound the
problem. Any lack of regulatory compliance by the organization
could also be brought to light.
The CEO closes by saying, “A comprehensive plan for identity
theft response is mandatory, and it will receive a lot of scrutiny
from senior leadership. Everyone in the company realizes it is a
critical component of our success and continued operation. I’m
counting on you to do it well.”
Identity theft is becoming more common as technology
continues to advance exponentially. Mobile devices,
applications, and email make it more convenient for individuals
to access records and financial accounts, but also increase the
risk of identity theft.
As the CISO, you will be drafting an incident response plan to
address identity theft for your financial organization.
Identity Theft Response is the second of four sequential projects
in this course. The final plan will be about 10-12 pages in
length. There are 16 steps in this project, and it should take
about 14 days to complete. Begin with Step 1, where you will
identify types of cyberattacks in which personally identifiable
information could be vulnerable.
Competencies
Your work will be evaluated using the competencies listed
below.
· 1.3: Provide sufficient, correctly cited support that
substantiates the writer's ideas.
· 2.2: Locate and access sufficient information to investigate the
issue or problem.
· 8.4: Design an enterprise cybersecurity incident response plan.
Project 2: Identity Theft Response
Step 1: Identify Potential PII Attacks
Since this project will require an enterprise cybersecurity
incident response plan with considerations specific to identity
theft, the types of attacks must be identified.
In a table or spreadsheet, identify the types of attacks that could
result in denial of access to or theft of PII (personally
identifiable information). Consider both internal and external
incidents and those associated with employees and/or
customers. Submit your list of potential PII attacks for feedback
from your CIO (course instructor).
Submission for Project 2: Potential PII Cyber Incident List
Incident Response Plan
Computer security incident response has become an important
component of information technology (IT) programs. An
incident is defined as "a security event that compromises the
integrity, confidentiality, or availability of an information
asset" (Gordon, 2015).
Any organization in the business of handling personally
identifiable information (PII) should establish an incident
response capability. That capability, which requires planning
and resources, should consider the following guidelines
(Cichonski et al., 2012):
· creating an incident response policy and plan
· developing procedures for performing incident handling and
reporting
· setting guidelines for communicating with outside parties
regarding incidents
· selecting a team structure and staffing model
· establishing relationships and lines of communication between
the incident response team and other groups, both internal (e.g.,
human resources and legal department) and external (e.g., law
enforcement agencies)
· determining what services the incident response team should
provide
· staffing and training the incident response team
The National Institute of Standards and Technology's
(NIST) Computer Security Incident Handling Guide notes the
importance of continually monitoring for attacks and
establishing procedures for prioritizing incidents, as well as
instituting methods of collecting, analyzing, and reporting data
(Cichonski et al., 2012).
References
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Special publication 800-61, revision 2: Computer security incident handling guide. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Gordon, A. (Ed.). (2015). Official (ISC)2 guide to the CISSP CBK (4th ed.). CRC Press.
Resources
· Draft National Cyber Incident Response Plan
· Cyber Incident Response: Bridging the Gap Between
Cybersecurity and Emergency Management
· National CSIRTs and Their Role in Computer Security
Incident Response
· Data Breach Response: A Guide for Business
· Cybersecurity Incident Reports
· Incident Response
Theft of PII (Personally Identifiable Information)
The importance of personally identifiable information (PII), and
the need for its security, can be illustrated with a typical trip to
a doctor's office. When the doctor comes to see you in the
examination room, he or she may have a handheld computer that
includes your personal medical data. And if the doctor's
computer is linked to a health care organization or a hospital's
mainframe, any physician from within the organization may
access that information at any time.
While this ability to access information from anywhere at any
time may be an advantage, it also has its shortcomings. If
there is a breach, important information could
be lost or used for nefarious purposes, and the cost to an
organization can be significant, both personally and financially.
In June 2015, the federal Office of Personnel Management
(OPM) was hacked, and a large amount of PII, including Social
Security numbers from people and relatives of those who
applied for a government background investigation, was taken.
Fingerprints from the database were also compromised, as well
as usernames and passwords (OPM, 2016). OPM said that 21.5
million Social Security numbers were taken.
The breach sparked a class-action lawsuit from the American
Federation of Government Employees against the federal
government. The union was seeking $1 billion in damages
(Hopkins, 2015).
PII is defined by the federal government as "any information
about an individual maintained by an agency, including
1. any information that can be used to distinguish or trace an
individual's identity, such as name, social security number, date
and place of birth, mother's maiden name, or biometric records;
and
2. any other information that is linked or linkable to an
individual" (GAO, 2008), such as medical, educational, financial,
and employment information.
The list of possible PII is extensive, and the examples below are
just a representation of information that could be considered PII
(McCallister et al., 2010):
1. name (e.g., full name, maiden name, mother's maiden name,
alias)
2. personal identification number, such as Social Security
number, passport number, driver's license number, taxpayer
identification number, patient identification number, and
financial account or credit card number
3. address information, such as street address or email address
4. asset information, such as an Internet Protocol (IP) or Media
Access Control (MAC) address or other host-specific identifier
that consistently links to a particular person or well-defined
group
5. telephone numbers, including mobile, business, and personal
numbers
6. personal characteristics, including photographs, x-rays,
fingerprints, or other biometric image or template data (e.g.,
retina scan, voice signature, facial geometry)
7. information identifying property, such as vehicle registration
number or title number and related information
8. information about an individual that is linked or linkable to
one of the above (e.g., date of birth, place of birth, race,
religion, weight, activities, geographical indicators,
employment information, medical information, education
information, financial information)
Any organization that handles PII should have mechanisms to
identify and protect the PII of its clients. Privacy threshold
analyses (PTAs) are one of the most widely used PII protections
for organizations. PTAs are simple questionnaires that are
completed by the system owner in collaboration with the data
owner, and are usually submitted to an organization's privacy
office for review and approval (McCallister et al., 2010).
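As an added example (not part of the course page or of the NIST and GAO documents it cites), the Python below shows one concrete mechanism for identifying and protecting PII of the kinds listed above: it scans free-text records for Social Security numbers, payment card numbers (validated with the Luhn checksum so that arbitrary digit runs are not flagged), email, IPv4 and MAC addresses, and US phone numbers, then reports what it found and redacts it. The record lines are constructed for the demonstration, and the regular expressions are simplified assumptions that a real deployment would tune to its own data.

```python
"""Added example (not from the course page): scan text records for the PII
categories the page lists, count them, and redact them before the records are
stored or shared. The sample records are constructed for this demonstration."""
import re

# Simplified patterns (an assumption of this example) for directly identifying
# values: SSN, email, IPv4, MAC, US phone, and candidate card numbers.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "mac": re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"),
    "phone": re.compile(
        r"(?<!\d)(?:\+1[ -]?)?\(?\d{3}\)?[ -.]?\d{3}[ -.]?\d{4}(?!\d)"),
    # 13 to 19 digits with optional separators; confirmed by the Luhn check below.
    "card": re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"),
}

# Constructed sample records (not real customers, cards or hosts).
SAMPLE_RECORDS = [
    "2024-03-02 09:14:07 support ticket 4471: customer Jane Roe, SSN 123-45-6789, phone (555) 867-5309",
    "2024-03-02 09:15:31 login ok user=jane.roe@example.com src=203.0.113.42 mac=00:1A:2B:3C:4D:5E",
    "2024-03-02 09:16:02 payment attempt card 4111 1111 1111 1111 order 88213",
    "2024-03-02 09:16:40 invoice total 1234 5678 9012 3456 is not a card (Luhn fails)",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so a random run of digits is not reported as a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> list:
    """Return (category, value, start, end) for each PII value, in text order.

    Overlapping matches are resolved in favour of the longest one, so a phone
    number pattern never fires inside a card number run."""
    spans = []
    for category, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            if category == "card" and not luhn_ok(re.sub(r"\D", "", value)):
                continue        # digit run without a valid checksum: skipped
            spans.append((m.start(), m.end(), category, value))
    spans.sort(key=lambda s: (s[0], -s[1]))
    hits, last_end = [], -1
    for start, end, category, value in spans:
        if start < last_end:
            continue            # overlaps a longer match already kept
        hits.append((category, value, start, end))
        last_end = end
    return hits


def redact(text: str) -> str:
    """Replace each detected value with a category marker, working from the end
    of the string so earlier offsets stay valid."""
    for category, _value, start, end in reversed(find_pii(text)):
        text = text[:start] + f"[{category.upper()} REDACTED]" + text[end:]
    return text


def pii_summary(records) -> dict:
    """Count detected PII values per category across all records."""
    counts = {}
    for record in records:
        for category, _value, _s, _e in find_pii(record):
            counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    print(pii_summary(SAMPLE_RECORDS))
    for record in SAMPLE_RECORDS:
        print(redact(record))
```

Pattern matching of this kind catches the structured identifiers on the page's list (numbers, addresses, account and card numbers); free-text names, dates of birth and the "linked or linkable" information in item 8 need data-owner knowledge of the schema rather than a regular expression, which is exactly what a privacy threshold analysis is meant to capture.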
PTAs are used to determine if a system contains PII. In the
federal government, they are used to determine whether a
Privacy Impact Assessment (PIA) or a System of Records
Notice (SORN) is required, and if any other privacy
requirements apply to the information system (McCallister et
al., 2010).
The Department of Homeland Security (DHS) also has its own
PIA, which is required under the E-Government Act of 2002 and
the Homeland Security Act of 2002. Under this policy, a PIA is
required when developing or procuring a new program or
system or revising an existing program or system dealing with
PII, for budget submissions affecting PII, with pilot tests
affecting PII, and when issuing rules involving PII (DHS,
2012).
Federal guidelines also specify three levels of potential
impact—low, medium, and high—in case of a security breach,
defined as a loss of confidentiality, integrity, or availability
(NIST, 2004). Details are found in the Federal Information
Processing Standards (FIPS) Publication 199: Standards for
Security Categorization of Federal Information and Information
Systems. The differences between each level are based on the
type of adverse effects: limited, serious, or severe.
A limited adverse effect would result in minor damage to
operations, assets, minor financial loss or minor harm to people.
A serious adverse effect is when damages to operations, assets,
finances, or injury to people are "significant," and a severe
adverse effect is defined as "catastrophic" with loss of life or
severe injuries (NIST, 2004).
Breach of clients' PII is not something to take lightly. Every
reported incident of a breach of PII should be treated as a
potential disaster for an organization's reputation in the
marketplace.
References
Department of Homeland Security. (2012). Privacy threshold analysis. https://www.dhs.gov/xlibrary/assets/privacy/privacy_pta_template.pdf
Government Accountability Office (GAO). (2008, May). Privacy: Alternatives exist for enhancing protection of personally identifiable information. http://www.gao.gov/new.items/d08536.pdf
Hopkins, C. (2015, June 30). OPM hit by $1 billion class-action suit following personnel hack. https://www.dailydot.com/layer8/opm-hack-lawsuit/
McCallister, E., Grance, T., & Scarfone, K. (2010). Special publication 800-122: Guide to protecting the confidentiality of personally identifiable information (PII). National Institute of Standards and Technology (NIST). http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf
National Institute of Standards and Technology (NIST). (2004). Federal Information Processing Standards (FIPS) publication 199: Standards for security categorization of federal information and information systems. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
OPM.gov. (2016). What happened. https://www.opm.gov/cybersecurity/cybersecurity-incidents/
Resources
· Guide to Protecting the Confidentiality of Personally
Identifiable Information (PII)
· Handbook for Safeguarding Sensitive Personally Identifiable
Information

More Related Content

Similar to Identity Theft ResponseYou have successfully presented an expa

Intro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docxIntro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docx
normanibarber20063
 
wp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industrywp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industry
Numaan Huq
 
wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-data
Numaan Huq
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
ramsetl
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
galagirishp
 
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docxRunning head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
todd581
 
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docxRunning head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
glendar3
 
Target Data Security Breach Case Study
Target Data Security Breach Case StudyTarget Data Security Breach Case Study
Target Data Security Breach Case Study
Angilina Jones
 

Similar to Identity Theft ResponseYou have successfully presented an expa (16)

Intro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docxIntro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docx
 
wp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industrywp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industry
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-data
 
Article 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking technoArticle 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking techno
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
 
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docxRunning head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
 
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docxRunning head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
Running head ORGANIZATIONAL SECURITY1ORGANIZATIONAL SECURITY.docx
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6  Privacy and Data Protection 8 hrUnit 6  Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015
 
Target Data Security Breach Case Study
Target Data Security Breach Case StudyTarget Data Security Breach Case Study
Target Data Security Breach Case Study
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 

More from LizbethQuinonez813

In this module, we explore how sexual identity impacts the nature of.docx
In this module, we explore how sexual identity impacts the nature of.docxIn this module, we explore how sexual identity impacts the nature of.docx
In this module, we explore how sexual identity impacts the nature of.docx
LizbethQuinonez813
 
In this Reflection Activity, you will be asked to think and write ab.docx
In this Reflection Activity, you will be asked to think and write ab.docxIn this Reflection Activity, you will be asked to think and write ab.docx
In this Reflection Activity, you will be asked to think and write ab.docx
LizbethQuinonez813
 
In this lab, you will observe the time progression of industrializat.docx
In this lab, you will observe the time progression of industrializat.docxIn this lab, you will observe the time progression of industrializat.docx
In this lab, you will observe the time progression of industrializat.docx
LizbethQuinonez813
 
In this lab, you will gather data about CO2 emissions using the .docx
In this lab, you will gather data about CO2 emissions using the .docxIn this lab, you will gather data about CO2 emissions using the .docx
In this lab, you will gather data about CO2 emissions using the .docx
LizbethQuinonez813
 
In this course, we have introduced and assessed many noteworthy figu.docx
In this course, we have introduced and assessed many noteworthy figu.docxIn this course, we have introduced and assessed many noteworthy figu.docx
In this course, we have introduced and assessed many noteworthy figu.docx
LizbethQuinonez813
 
Inferential AnalysisChapter 20NUR 6812Nursing Research
Inferential AnalysisChapter 20NUR 6812Nursing ResearchInferential AnalysisChapter 20NUR 6812Nursing Research
Inferential AnalysisChapter 20NUR 6812Nursing Research
LizbethQuinonez813
 
Industry CompetitionChapter Outline3-1 Industry Life Cyc
Industry CompetitionChapter Outline3-1 Industry Life CycIndustry CompetitionChapter Outline3-1 Industry Life Cyc
Industry CompetitionChapter Outline3-1 Industry Life Cyc
LizbethQuinonez813
 
Infectious DiseasesNameCourseInstructorDateIntrodu
Infectious DiseasesNameCourseInstructorDateIntroduInfectious DiseasesNameCourseInstructorDateIntrodu
Infectious DiseasesNameCourseInstructorDateIntrodu
LizbethQuinonez813
 
Individual Focused Learning for Better Memory Retention Through
Individual Focused Learning for Better Memory Retention Through Individual Focused Learning for Better Memory Retention Through
Individual Focused Learning for Better Memory Retention Through
LizbethQuinonez813
 
Infectious diseases projectThis project is PowerPoint, or a pa
Infectious diseases projectThis project is PowerPoint, or a paInfectious diseases projectThis project is PowerPoint, or a pa
Infectious diseases projectThis project is PowerPoint, or a pa
LizbethQuinonez813
 
Individual Project You are a business analyst in a publicly-tr
Individual Project You are a business analyst in a publicly-trIndividual Project You are a business analyst in a publicly-tr
Individual Project You are a business analyst in a publicly-tr
LizbethQuinonez813
 
Individual DifferencesSelf-Awareness and Working wit
Individual DifferencesSelf-Awareness and Working witIndividual DifferencesSelf-Awareness and Working wit
Individual DifferencesSelf-Awareness and Working wit
LizbethQuinonez813
 

More from LizbethQuinonez813 (20)

In this module, we examined crimes against persons, crimes against p.docx
In this module, we examined crimes against persons, crimes against p.docxIn this module, we examined crimes against persons, crimes against p.docx
In this module, we examined crimes against persons, crimes against p.docx
 
In this module, we explore how sexual identity impacts the nature of.docx
In this module, we explore how sexual identity impacts the nature of.docxIn this module, we explore how sexual identity impacts the nature of.docx
In this module, we explore how sexual identity impacts the nature of.docx
 
In this module, we have studied Cultural Imperialism and Americaniza.docx
In this module, we have studied Cultural Imperialism and Americaniza.docxIn this module, we have studied Cultural Imperialism and Americaniza.docx
In this module, we have studied Cultural Imperialism and Americaniza.docx
 
In this Reflection Activity, you will be asked to think and write ab.docx
In this Reflection Activity, you will be asked to think and write ab.docxIn this Reflection Activity, you will be asked to think and write ab.docx
In this Reflection Activity, you will be asked to think and write ab.docx
 
In this lab, you will observe the time progression of industrializat.docx
In this lab, you will observe the time progression of industrializat.docxIn this lab, you will observe the time progression of industrializat.docx
In this lab, you will observe the time progression of industrializat.docx
 
In this module we have discussed an organizations design and how it.docx
In this module we have discussed an organizations design and how it.docxIn this module we have discussed an organizations design and how it.docx
In this module we have discussed an organizations design and how it.docx
 
In this lab, you will gather data about CO2 emissions using the .docx
In this lab, you will gather data about CO2 emissions using the .docxIn this lab, you will gather data about CO2 emissions using the .docx
In this lab, you will gather data about CO2 emissions using the .docx
 
In this five-page essay, your task is to consider how Enlightenment .docx
In this five-page essay, your task is to consider how Enlightenment .docxIn this five-page essay, your task is to consider how Enlightenment .docx
In this five-page essay, your task is to consider how Enlightenment .docx
 
In this reflection, introduce your professor to your project. Speak .docx
In this reflection, introduce your professor to your project. Speak .docxIn this reflection, introduce your professor to your project. Speak .docx
In this reflection, introduce your professor to your project. Speak .docx
 
In this discussion, please address the followingDiscuss how oft.docx
In this discussion, please address the followingDiscuss how oft.docxIn this discussion, please address the followingDiscuss how oft.docx
In this discussion, please address the followingDiscuss how oft.docx
 
In this course, we have introduced and assessed many noteworthy figu.docx
In this course, we have introduced and assessed many noteworthy figu.docxIn this course, we have introduced and assessed many noteworthy figu.docx
In this course, we have introduced and assessed many noteworthy figu.docx
 
In this Assignment, you will focus on Adaptive Leadership from a.docx
In this Assignment, you will focus on Adaptive Leadership from a.docxIn this Assignment, you will focus on Adaptive Leadership from a.docx
In this Assignment, you will focus on Adaptive Leadership from a.docx
 
Inferential AnalysisChapter 20NUR 6812Nursing Research
Inferential AnalysisChapter 20NUR 6812Nursing ResearchInferential AnalysisChapter 20NUR 6812Nursing Research
Inferential AnalysisChapter 20NUR 6812Nursing Research
 
Industry CompetitionChapter Outline3-1 Industry Life Cyc
Industry CompetitionChapter Outline3-1 Industry Life CycIndustry CompetitionChapter Outline3-1 Industry Life Cyc
Industry CompetitionChapter Outline3-1 Industry Life Cyc
 
Infancy to Early Childhood Case AnalysisPart IFor this di
Infancy to Early Childhood Case AnalysisPart IFor this diInfancy to Early Childhood Case AnalysisPart IFor this di
Infancy to Early Childhood Case AnalysisPart IFor this di
 
Infectious DiseasesNameCourseInstructorDateIntrodu
Infectious DiseasesNameCourseInstructorDateIntroduInfectious DiseasesNameCourseInstructorDateIntrodu
Infectious DiseasesNameCourseInstructorDateIntrodu
 
Individual Focused Learning for Better Memory Retention Through
Individual Focused Learning for Better Memory Retention Through Individual Focused Learning for Better Memory Retention Through
Individual Focused Learning for Better Memory Retention Through
 
Infectious diseases projectThis project is PowerPoint, or a pa
Infectious diseases projectThis project is PowerPoint, or a paInfectious diseases projectThis project is PowerPoint, or a pa
Infectious diseases projectThis project is PowerPoint, or a pa
 
Individual Project You are a business analyst in a publicly-tr
Individual Project You are a business analyst in a publicly-trIndividual Project You are a business analyst in a publicly-tr
Individual Project You are a business analyst in a publicly-tr
 
Individual DifferencesSelf-Awareness and Working wit
Individual DifferencesSelf-Awareness and Working witIndividual DifferencesSelf-Awareness and Working wit
Individual DifferencesSelf-Awareness and Working wit
 

Recently uploaded

Recently uploaded (20)

FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Our Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdfOur Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdf
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
Introduction to TechSoup’s Digital Marketing Services and Use Cases
Introduction to TechSoup’s Digital Marketing  Services and Use CasesIntroduction to TechSoup’s Digital Marketing  Services and Use Cases
Introduction to TechSoup’s Digital Marketing Services and Use Cases
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptx
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 

Identity Theft ResponseYou have successfully presented an expa

  • 1. Identity Theft Response You have successfully presented an expanded Mobile Device Management Policy, which was approved by the CEO. He now wants you to work on a response plan for identity theft, which you proposed a few weeks earlier as part of a series of four cybersecurity projects. The CEO says to you, "The Incident Response Plan will be our company's action plan to recover should the 'worst' occur. In our case, the 'worst' would be a breach of the company's security that could occur through the theft of customers' personally identifiable information, possibly through an individual's mobile device. Such a breach could compromise the integrity of the financial institution's data." The CEO continues: “It is your responsibility to be fully prepared, and I want you to ask your team some ‘What if’ questions.” “Specifically, I want you to ask: What if our customer information system is compromised internally by a misguided employee? What do we do? And, What if the system is breached by an external hacker and all our customer records are exfiltrated and/or deleted? How would we respond?” You know that any stolen identity might be that of an employee and/or the identities within the customer information module, which would affect a large number of accounts . Either way, even the slightest breach would be serious, and not having an approved, executable plan of action would only compound the problem. Any lack of regulatory compliance by the organization could also be brought to light. The CEO closes by saying, “A comprehensive plan for identity theft response is mandatory, and it will receive a lot of scrutiny from senior leadership. Everyone in the company realizes it is a critical component of our success and continued operation. I’m counting on you to do it well.”
  • 2. Identity theft is becoming more common as technology continues to advance exponentially. Mobile devices, applications, and email make it more convenient for individuals to access records and financial accounts, but they also increase the risk of identity theft. As the CISO, you will be drafting an incident response plan to address identity theft for your financial organization. Identity Theft Response is the second of four sequential projects in this course. The final plan will be about 10-12 pages in length. There are 16 steps in this project, and it should take about 14 days to complete. Begin with Step 1, where you will identify types of cyberattacks in which personally identifiable information could be vulnerable.

    Competencies
    Your work will be evaluated using the competencies listed below.
    · 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
    · 2.2: Locate and access sufficient information to investigate the issue or problem.
    · 8.4: Design an enterprise cybersecurity incident response plan.

    Project 2: Identity Theft Response
    Step 1: Identify Potential PII Attacks
    Since this project will require an enterprise cybersecurity incident response plan with considerations specific to identity theft, the types of attacks must first be identified. In a table or spreadsheet, identify the types of attacks that could result in denial of access to or theft of PII (personally identifiable information). Consider both internal and external incidents, and those associated with employees and/or customers. Submit your list of potential PII attacks for feedback from your CIO (course instructor).
    Submission for Project 2: Potential PII Cyber Incident List

    Incident Response Plan
  • 3. Computer security incident response has become an important component of information technology (IT) programs. An incident is defined as "a security event that compromises the integrity, confidentiality, or availability of an information asset" (Gordon, 2015). Any organization in the business of handling personally identifiable information (PII) should establish an incident response capability. That capability, which requires planning and resources, should consider the following guidelines (Cichonski et al., 2012):
    · creating an incident response policy and plan
    · developing procedures for performing incident handling and reporting
    · setting guidelines for communicating with outside parties regarding incidents
    · selecting a team structure and staffing model
    · establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., human resources and legal department) and external (e.g., law enforcement agencies)
    · determining what services the incident response team should provide
    · staffing and training the incident response team
    The National Institute of Standards and Technology's (NIST) Computer Security Incident Handling Guide notes the importance of continually monitoring for attacks and establishing procedures for prioritizing incidents, as well as instituting methods of collecting, analyzing, and reporting data (Cichonski et al., 2012).

    References
    Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Special publication 800-61, revision 2: Computer security incident handling guide. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
  • 4. Gordon, A. (Ed.). (2015). Official (ISC)2 guide to the CISSP CBK (4th ed.). CRC Press.

    Resources
    · Draft National Cyber Incident Response Plan
    · Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management
    · National CSIRTs and Their Role in Computer Security Incident Response
    · Data Breach Response: A Guide for Business
    · Cybersecurity Incident Reports
    · Incident Response

    Theft of PII (Personally Identifiable Information)
    The importance of personally identifiable information (PII), and the need for its security, can be illustrated with a typical trip to a doctor's office. When the doctor comes to see you in the examination room, he or she may have a handheld computer that includes your personal medical data. And if the doctor's computer is linked to a health care organization or a hospital's mainframe, any physician from within the organization may access that information at any time. While this ability to access information from anywhere and at any time may be an advantage, it also has its shortcomings. If there is a breach, important information could be lost or used for nefarious purposes, and the cost to an organization can be significant, both personally and financially.
    In June 2015, the federal Office of Personnel Management (OPM) was hacked, and a large amount of PII, including Social Security numbers from people and relatives of those who applied for a government background investigation, was taken. Fingerprints from the database were also compromised, as well as usernames and passwords (OPM, 2016). OPM said that 21.5 million Social Security numbers were taken. The breach sparked a class-action lawsuit from the American Federation of Government Employees against the federal government. The union was seeking $1 billion in damages (Hopkins, 2015).
  • 5. PII is defined by the federal government as "any information about an individual maintained by an agency, including (GAO, 2008):
    1. any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and
    2. any other information that is linked or linkable to an individual," such as medical, educational, financial, and employment information.
    The list of possible PII is extensive, and the examples below are just a representation of information that could be considered PII (McCallister et al., 2010):
    1. name (e.g., full name, maiden name, mother's maiden name, alias)
    2. personal identification number, such as Social Security number, passport number, driver's license number, taxpayer identification number, patient identification number, and financial account or credit card number
    3. address information, such as street address or email address
    4. asset information, such as an Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific identifier that consistently links to a particular person or well-defined group
    5. telephone numbers, including mobile, business, and personal numbers
    6. personal characteristics, including photographs, x-rays, fingerprints, or other biometric image or template data (e.g., retina scan, voice signature, facial geometry)
    7. information identifying property, such as vehicle registration number or title number and related information
    8. information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information)
  • 6. Any organization that handles PII should have mechanisms to identify and protect the PII of its clients. Privacy threshold analyses (PTAs) are one of the most widely used PII protections for organizations. PTAs are simple questionnaires that are completed by the system owner in collaboration with the data owner, and are usually submitted to an organization's privacy office for review and approval (McCallister et al., 2010). PTAs are used to determine if a system contains PII. In the federal government, they are used to determine whether a Privacy Impact Assessment (PIA) or a System of Records Notice (SORN) is required, and whether any other privacy requirements apply to the information system (McCallister et al., 2010).
    The Department of Homeland Security (DHS) also has its own PIA, which is required under the E-Government Act of 2002 and the Homeland Security Act of 2002. Under this policy, a PIA is required when developing or procuring a new program or system or revising an existing program or system dealing with PII, for budget submissions affecting PII, for pilot tests affecting PII, and when issuing rules involving PII (DHS, 2012).
    Federal guidelines also specify three levels of potential impact (low, medium, and high) in case of a security breach, defined as a loss of confidentiality, integrity, or availability (NIST, 2004). Details are found in the Federal Information Processing Standards (FIPS) Publication 199: Standards for Security Categorization of Federal Information and Information Systems. The differences between the levels are based on the type of adverse effect: limited, serious, or severe. A limited adverse effect would result in minor damage to operations or assets, minor financial loss, or minor harm to people. A serious adverse effect is when damage to operations, assets, or finances, or injury to people, is "significant," and a severe adverse effect is defined as "catastrophic," with loss of life or severe injuries (NIST, 2004).
  • 7. Breach of clients' PII is not something to take lightly. Every reported incident of a breach of PII should be treated as a potential disaster for an organization's reputation in the marketplace.

    References
    Department of Homeland Security. (2012). Privacy threshold analysis. https://www.dhs.gov/xlibrary/assets/privacy/privacy_pta_template.pdf
    Government Accountability Office (GAO). (2008, May). Privacy: Alternatives exist for enhancing protection of personally identifiable information. http://www.gao.gov/new.items/d08536.pdf
    Hopkins, C. (2015, June 30). OPM hit by $1 billion class-action suit following personnel hack. https://www.dailydot.com/layer8/opm-hack-lawsuit/
    McCallister, E., Grance, T., & Scarfone, K. (2010). Special publication 800-122: Guide to protecting the confidentiality of personally identifiable information (PII). National Institute of Standards and Technology (NIST). http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf
    National Institute of Standards and Technology (NIST). (2004). Federal Information Processing Standards (FIPS) publication 199: Standards for security categorization of federal information and information systems. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
    OPM.gov. (2016). What happened. https://www.opm.gov/cybersecurity/cybersecurity-incidents/

    Resources
    · Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
    · Handbook for Safeguarding Sensitive Personally Identifiable