Running head: IMPACT OF DATA BREACH 1
Module Four Short Paper: Impact of Data Breach
Student Name
IT 412
Professor Name
South New Hampshire University
March 24, 2019
Short Paper: Impact of Data Breach
A data breach refers to the unlawful acquisition of and access to unredacted and unencrypted
computerized information that compromises the confidentiality or security of private data kept
by an entity or individual (Kennedy, 2008, p. 269). In the case scenario, the violations of
the regulations established by the “Federal Information Security Management Act of 2002
(FISMA)” and the breach of federal and state laws require the California-based aircraft
manufacturing firm, which does business with the U.S. government, to follow a compliance
process of response. In this specific data breach, a large amount of private data was
stolen, comprising employee addresses, names, bank account and social security information,
as well as existing aircraft designs. This incident raises numerous concerns under state law and
requires a multi-notification practice, since the breach demonstrated that those responsible
were able to obtain staff data, including social security information. One of the major state laws
that the corporation needs to take into consideration is “California Law AB2828”.
Tiffany Quach (2016) mentions “currently, the law requires notification of a breach when a
California resident’s unencrypted personal information is compromised. However, effective
January 1, 2017, the amended law requires notification of a security breach when (a) there is
unauthorized acquisition of both encrypted personal information and the encryption key or
security credential, and (b) the business has a reasonable belief that the encryption key or
security credential could render such personal information readable or useable”. California law
requires a state agency or business to notify any California resident whose unencrypted
personal information, as defined, was acquired, or is reasonably believed to have been
acquired, by an unauthorized person “(California Civ. Code s. 1798.82(a) [person or
business]) and (California Civil Code s. 1798.29(a) [agency])” (ca, 2019). If they do not
comply with the law, they expose themselves not only to lawsuits from employees
but might also face sanctions from the US government for not acting as
they must. This “California law” defines “encryption key” as the private key or process designed
to render the information readable (Quach, 2016).
Because the firm holds data on government staff, it should adhere to
FISMA. This law is typically understood to apply only to government agencies. But
vendors and contractors that provide services to manage information systems on behalf of,
or maintain close relationships with, a government agency may be held to the same standards (Ely, 2010).
Along with FISMA, the firm should also comply with “California Civ. Code s.
1798.82(a)”. To comply with FISMA, the business should categorize risks, maintain a system
inventory and a security plan, establish security controls, perform risk assessments and maintain
authorization. The California state guidelines for the notice are: provide fair notification
of the information breach, state what happened, what the firm is doing to help and
what the client can do as well, and include where an individual can go for additional
information. To adhere to FISMA, the corporation should report data security incidents within one hour of
the data breach. It was identified that this breach happened owing to a vulnerable remote access PC
connection that a worker had set up using a simple password, for ease of working from
a remote/home location. Hence, in order to manage and avoid such a breach in future, it is
recommended that the aircraft manufacturing firm implement multifactor authentication to prevent
a remote attacker from obtaining access to targeted networks, even when legitimate
credentials are compromised. Time-based hard tokens, soft tokens, card-based tokens or SMS-based
text messages are all effective approaches to protect remote logins that can help
keep remote intruders from getting into the company’s core networks (Bond, 2017).
References
Bond, R. (2017, December 06). How to Prevent the Uber Hack: 5 Defensive Tactics. Retrieved
from hitachi-systems-security:
https://www.hitachi-systems-security.com/blog/how-to-prevent-the-uber-hack/
ca. (2019). Data Security Breach Reporting. Retrieved from ca:
https://oag.ca.gov/privacy/databreach/reporting
Ely, A. (2010, March 18). 10 Steps To Ace A FISMA Audit. Retrieved from informationweek:
https://www.informationweek.com/regulations/10-steps-to-ace-a-fisma-audit/d/d-id/1087682
Kennedy, C. H. (2008). The Business Privacy Law Handbook. Artech House.
Quach, T. (2016, November 08). California Amends Data Breach Notification Law to Require
Notification of Breach of Encrypted Personal Information When Encryption Key Has
Been Leaked. Retrieved from proskauer:
https://privacylaw.proskauer.com/2016/11/articles/california/california-amends-data-breach-notification-law-to-require-notification-of-breach-of-encrypted-personal-information-when-encryption-key-has-been-leaked/