You just started a new job as a Business Analyst at the Federal Emergency Management Agency (FEMA), reporting to Advance Claims Manager Wendy White. She called you in to discuss a concern with an IT project currently in development. When the Flood Claims Accelerated Assistance Project is completed next month, it will allow policyholders to establish an online account to access information about the status of their insurance claims. Eventually they will be able to file their claims online, with any applicable claim payouts automatically deposited directly into the taxpayers’ bank accounts. This project will save the agency around $5M in processing costs annually. Additionally, the recent hurricane has added urgency to this project. By automating the processing of claims, advance payments can be issued rapidly to help homeowners begin the process of cleaning up their homes.
As designed, the policyholder would set up an online account by entering their name, social security number, and street address. For added security, the system will also require the policyholder to enter the year they purchased their property, allowing the system to cross-check the entered value against county real estate information. (Each county maintains a database of real estate information. This is public information, and includes all sales transactions.)
However, Wendy is concerned that the new solution may introduce some data security risks. She has asked you to do a little research and write a memo summarizing your findings, for her use when she meets with the CIO next week. There is a lot of pressure to get this project completed, so she asks that you be specific about any risks you identify.
This situation brings to mind a security breach that occurred at the IRS recently.
If you’d like to see another article about this case, read this one:
(If you have trouble accessing this, go to news.google.com and search for “IRS Says Cyberattacks More Extensive” – Aug 17, 2015).
Tips: Make sure your memo is well organized and easy to understand at a high level. You should demonstrate that you fully understand the data breach — not just how the hackers got in, but also how they carried away the money. Your supervisor will only read your best work.
Some important tips and details: