You just started a new job as Business Analyst at the Federal Emergency Management Agency (FEMA), reporting under Advance Claims Manager Wendy White. She called you in to discuss a concern with an IT project currently in development. When the Flood Claims Accelerated Assistance Project is completed next month, it will allow policyholders to establish an online account to access information about the status of their insurance claims. Eventually they will be able to file their claims online, with any applicable claim payouts automatically deposited directly into the taxpayers’ bank accounts. This project will save the agency around $5M in processing costs annually. Additionally, the recent hurricane has added urgency to this project. By automating the processing of claims, advance payments can be issued rapidly to help homeowners begin the process of cleaning up their homes.
As designed, the policyholder would set up an online account by entering name, social security number, and street address. For added security, the system will also require the policyholder to enter the year they purchased their property, allowing the system to crosscheck the entered value against county real estate information. (Each county maintains a database of real estate information. This is public information, and includes all sales transactions.)
However, Wendy is concerned that the new solution may introduce some data security risks. She has asked you to do a little research and write a memo summarizing your findings, for her use when she meets with the CIO next week. There is a lot of pressure to get this project completed, so she asks that you be specific about any risks you identify.
This situation brings to mind a security breach that occurred at the IRS recently.
- Research the “Get Transcript” data breach that occurred at the IRS. Here’s a clue – look at the following article:
If you’d like to see another article about this case, read this one:
(If you have trouble accessing this, go to news.google.com and search for “IRS Says Cyberattacks More Extensive” – Aug 17, 2015).
- Prepare a memo that summarizes the IRS “Get Transcript” security breach. You should explain how it happened, what impact it had (and on whom). Highlight any similarities between the IRS case and the new solution at the FEMA.
- You may want to document the mechanics of this fraud using some sort of process documentation technique. (Focus on effective communication.)
Tips: Make sure your memo is well organized and easy to understand at a high level. You should demonstrate that you fully understand the data breach — not just how the hackers got in, but also how they carried away the money. Your supervisor will only read your best work.
Some important tips and details:
- This is an individual assignment.
- The final result of your work must be submitted in Word format and should be no longer than 1 ½ pages, single spaced.
- Follow course style/format guidelines for memos.