ENDNOTES

1. Verizon, “2019 Data Breach Investigation Report,” 2019. Available at https://enterprise.verizon.com/resources/reports/dbir/ (accessed February 23, 2020).

2. National Institute of Standards and Technology, “Special Publication 800-39: Managing Information Security Risk: Organization, Mission, and Information System View,” March 2011. Available at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf (accessed February 23, 2020).

3. National Oceanic and Atmospheric Administration (NOAA), “Tornado Alley,” undated. Available at https://www.ncdc.noaa.gov/climate-information/extreme-events/us-tornado-climatology/tornado-alley (accessed February 23, 2020).

4. U.S. Department of Justice, “Former Student Sentenced for Causing Damage to University of Iowa Computer Network,” August 23, 2018. Available at https://www.justice.gov/usao-sdia/pr/former-student-sentenced-causing-damage-university-iowa-computer-network (accessed February 23, 2020).

5. National Institute of Standards and Technology, “Special Publication 800-61 (Rev. 2): Computer Security Incident Handling Guide,” August 2012. Available at https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final (accessed February 23, 2020).

6. Code of Federal Regulations, Title 45, sec. 164.408 (2013).

7. Holt, Thomas J., Adam M. Bossler, and Kathryn C. Seigfried-Spellar, Cybercrime and Digital Forensics: An Introduction. New York, NY: Routledge, 2017.