Based upon your readings and the documentary film, note the threats, vulnerabilities, and risk

assessment (information compromised) and provide your theory about how the military
intelligence system failed to prevent and detect Bradley Manning’s breach of security? Your
discussion should include comments on such areas as vulnerabilities, policies, and
procedures.
-The threats assessed with this case surround the ease of downloading and sharing classified and
sensitive information from a portal inside Department of Defense (DoD) and Department of
State (DoS) databases that were being utilized to track and share military and diplomatic
information. In some of these undisclosed locations, outsider threats stem from uncontrolled
access by American and foreign personnel who may have an interest to do harm to the security
of military operations or who may want to disseminate information to the public. The
vulnerabilities of the portals are captured with the ease of un-vetted or “need to know” personnel
had access to documents that did not pertain to their scope of work. These databases also did not
have an accountability measure in place which allowed anyone logging on to be able to access
and download material without proper permissions in place. The risk of this portal was limitless;
the potential for a breach had a ripple effect that was unimaginable and far reaching due to the
plethora of material that was released and potentially being acquired by terrorist organizations
wanting to do harm against American military and political operations.
2. Provide your suggestions for control recommendations with risk mitigation options and
strategies to assure such a security breach is prevented.
More security measures needed to be in place which has been implemented since this incident
occurred. No longer are personnel allowed to carry on them any type of device that is used to
store data or capture images in a secured work space. All DoD computers are now equipped
with software that prevents use of thumb drives and secured computer should come equipped
with software that prevents any downloading onto shareable mediums. Another measure that
should be implemented is password encryption along with access of personnel filling in specific
roles that covers their scope of work. Additionally, having a supervisor approve these roles and
access will limit the potential of improper use on government computers. Lastly, software that
tracks, detects and notifies the chain of command of any uploading and downloading of any
classified material should be implemented into government portals would mitigate further
incidents.