NASA Case Study Report

School: University of Wisconsin, Stout
Course: 6035
Subject: Information Systems
Date: Feb 20, 2024
Uploaded by KidArt9882
Do you think NASA would have written the same report if NASA had been responsible for the maintenance of the system?

o No. NASA states numerous times throughout the report that they have policies and practices in place that would mitigate the issues facing JPL. In the “What We Found” section of the report, NASA mentions 3 instances where JPL “deviates” from the current established security policies and practices. This isn’t to say that NASA’s systems are perfect; there are also times within the report that NASA admits they lacked the foresight to establish certain security policies, particularly Interconnection Security Agreements (ISA) to account for external devices connecting to the network. To summarize, based on the claims from NASA about how secure they are, I don’t think this report would’ve been written, as NASA would’ve been able to mitigate the 2018 attack.

How do you think JPL should resolve the issues in the report?

o NASA makes good recommendations for actions that need to be taken to address the issues raised in the report. It’s made clear in the report and the class material that there is a division between what is said and what is practiced in terms of JPL’s network security. Most of the recommendations from NASA on page 29 involve some kind of education or re-education of its IT staff. I think this is where JPL needs to focus its efforts: not only on the education of its IT staff but also on the business and management side of things. Slide 17 from the PowerPoint makes a note that “Management wanted security when it was an abstract concept but did not hold the line when the security policies required changes to business practices.” It’s clear from the report that JPL management didn’t understand the importance and reasoning behind the policies NASA negotiated into the contract, and this lack of understanding manifested itself in the 2018 breach. Again, to summarize, I think JPL should focus on educating the workforce, management included, on the importance of the security policies set out by NASA and why these things should matter to people outside of IT as well.

Why should policy match practice?

o It’s a major liability for the organization if its practice does not follow its policy.

o For example, a customer is more likely to do business with a company that has policies to secure admin accounts, such as requiring two-factor authentication. Later on, the company suffers a breach and customer data is compromised. It was found that the attackers used an unsecured admin account that didn’t have two-factor authentication configured. The company can now be legally held responsible for the compromised data, and customers will likely sue for financial compensation.