Which information security objective(s) could be put at risk if the alternative safeguards recommended by the FGDC guidelines are applied? Explain how the objective(s) is put at risk by the mitigation(s).
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Nicholas Nirenberg says
The safeguards of changing or restricting data recommended by the FGDC can have impacts on the security objectives of integrity and availability. As a security objective, integrity can be achieved by having the data be trustworthy and accurate, so changing or restricting some of the geospacial data can put that integrity at risk as the data can be partially inaccurate or deliberately obfuscated to make the data less accurate. The safeguards can also have a negative impact on availability as changing or restricting data can cause people with legitimate need-to-know to not be able to, for example, obtain high quality geographical data for a restricted area that they have authorization to view.
Celinemary Turner says
The application of alternative safeguards recommended by the Federal Geographic Data Committee (FGDC) guidelines may have an impact on all the information security objectives. Confidentiality, integrity and availability. The aim of confidentiality is to ensure that sensitive data is protected from unauthorized access or disclosure. If the alternative safeguards recommended by FGDC are not as effective as the original ones, they may fail to adequately protect sensitive information. This could lead to a breach of confidentiality if unauthorized individuals gain access to the data. For integrity, is to maintain the accuracy and reliability of data and prevent unauthorized alterations. If the alternative safeguards do not provide robust data integrity protection, the data may be at risk of corruption. This could lead to incorrect or unreliable information, potentially impacting decision-making and operations. Availability is to ensure that systems and data are accessible and available when needed. If the alternative safeguards do not adequately address availability concerns, there may be an increased risk of system outages or disruptions. This could result in downtime, service interruptions, and decreased productivity.
Jon Stillwagon says
Hello Celinemary, you make a valid point on how their could be a result of downtime, service interruptions, and decreased productivity. Some companies rely on public information and when that is being withheld from those companies that can definitely happen. It could also affect other companies as well just like how a data breach could affect multiple companies the controls could do the same thing. The data would have to have the right amount of controls to prevent data breaches as well as keep up with the FGDC guidelines and not slow down the company.
Jon Stillwagon says
The more preventive controls there are for information security would put the availability of the data at risk. Public organizations that rely on public data can be held back because of the amount of controls they are preventing them from running their company. The fewer preventive controls there are would put the confidentiality of the data at risk. There would have to be a fine line between the amount of controls to produce without limiting or exposing too much data for organizations to use. It would then do more damage than good to put an overestimated or underestimated amount of controls.
Bo Wang says
The alternative safeguards recommended by the FGDC guidelines affect confidentiality, integrity. Confidentiality: Alternative safeguards do not guarantee the confidentiality of the target, such as a lost password, but do not guarantee that a hacker can use it to rewrite and steal data. Integrity: Some users will have excessive operational privileges, it can change the data at any time and does not raise the alarm of safeguards.
Yannick Rugamba says
The FGDC guidelines suggest adjusting or concealing certain map details for security. Their primary aim is data privacy. However, much like configuring system settings, if changes aren’t applied properly, they can unintentionally reveal protected information. And, like ensuring system availability, it’s essential that the data remains both accurate and accessible after these modifications.
Ooreofeoluwa Koyejo says
The information security objectives that could be at risk with the implementation of the alternative safeguards recommended are Integrity – by changing the data and Availability – by restricting the data.
Integrity is put at risk when parts or all of the data is changed/modified from the original and initial content in other to protect the sensitivity of the original form, This can lead to inaccurate conclusions and applications of the changed data when it serves as input for other applications and usage being a publicly usable form of data in the democratic society of the US.
Availability is at risk with the application of the restriction of data as a safeguard alternative. This is because the access to, use of or redistribution of geospatial data is generally a societal requirement for both private and public sector agencies. With a restriction of access to the data, there could potentially be blockers for the smooth running of American society.
Hashem Alsharif says
Whenever implementing safeguards, it’s essential to follow the recommended safeguards. Sometimes, people may feel the need to follow alternative safeguards however, these can bring forth many issues. For starters, there could be issues with confidentiality because weaker protocols could lead to unauthorized access, in turn causing data breaches. Another one is Integrity, as alternative methods can cause the data to be altered. As for availability, alternative methods could affect recovery for the business if there was a complete data loss or natural disaster. It may seem appealing to some auditors to recommend alternative methods as it wouldn’t involve as much confirmation on their end to ensure validity, but ultimately it’s ideal to follow the recommended methods so that a company can properly prepare themselves.