Karleen Victoria R.

Gapunay

Pub-ad 3A

1. What is the importance of security and privacy in government organization?

Explain your answer.

Human beings value their privacy and the protection of their personal sphere of
life. They value some control over who knows what about them. They certainly do not
want their personal information to be accessible to just anyone at any time. Like the
government which holds a lot of different data’s, of different factions of a lot of people,
places, etc. having a privacy and security in a government organization is important for
keeping its data safe and preventing data leaks and data thefts that can expose secrets
not for the public knowledge. Having also a good and reliable protection or security will
secure the trust of clients to the government organization.

2. What are security breaches? Site at least 2 security breaches that occurred in
the government and detailed it on what happened in it. (Research)

A security breach occurs when an intruder gains unauthorized access to an

organization’s protected systems and data. Cybercriminals or malicious applications
bypass security mechanisms to reach restricted areas. A security breach is an early-stage
violation that can lead to things like system damage and data loss.
Security break in government STATE OF TEXAS: 3.5 MILLION AFFECTED (APRIL
2011), where In early 2011, the Texas Comptroller’s Office revealed a breach for 3.5
million Texans’ personal information, including Social Security numbers, dates of birth,
and driver’s license numbers. The Comptroller’s mea culpa admitted that the office had
inadvertently kept the sensitive information on a publicly accessible state server. The
mistake occurred after the comptroller’s office asked three groups – the Teacher
Retirement System of Texas, the Texas Workforce Commission and the Employees
Retirement System of Texas – to transfer their databases, containing records of about
3.5 million state employees and retirees, to the comptroller’s server.
“Inadvertently disclosed on an agency server that was accessible to the public,”
South Carolina Department Of Revenue: 3.6 million affected (October, 2012);
the South Carolina Department of Revenue suffered a data breach in 2012 that
exposed 3.6 million Social Security numbers and 387,000 taxpayers’ credit and debit
card numbers when a database server was hacked. The majority of the payment card
numbers (371,000) were encrypted, but the sensitivity of the other data exposed
prompted South Carolina to offer a year of free credit monitoring and identity theft
protection to victims. State officials say the attack was mounted from a computer with
 an international IP address. They say the attack was found earlier this month but they
have not given many details because of the ongoing investigation.
3. Explain the advantages and disadvantages of security breaches.

Advantage - public pressure on companies to fix them and awareness

amongst users that they’ll need to patch as soon as it’s released/to use with
caution.
The advantage is that everyone has an opportunity to patch their
computer, and there will be pressure put on vendors to create patches. If they
don’t, often the community comes up with workarounds to secure systems.
The disadvantage is that hackers can reverse-engineer the patch and criminals
can then exploit it. Typically, there is a window during which vendors and top-
tier customers are notified, and the public is only notified after a patch is
already available, so it is a straight race to patch before script kids have
created an exploit and weaponized it
make people aware of the vulnerability before any hacker finds it and
exploits it. It’s made public to make everyone aware of the dangers of that
vulnerability, and to fix their systems as soon as possible before someone else
exploits it and steal all the data, as soon as the vulns are made public people
start to patch their systems and more and more patches come out, even if the
vulns are made public not everyone takes advantage of the patches or take
security measures.

Disadvantage - mid-level hackers could take advantage 

If vulnerabilities are never made public, there is a risk that some

group such as the NSA may stockpile them and develop exploits which will
never be blocked if they are sufficiently careful about using them. If a vendor
quietly patches a system but does not release details, users may not take the
patch seriously and may not bother to apply it.