Which information security objective(s) could be put at risk if the alternative safeguards recommended by the FGDC guidelines are applied? Explain how the objective(s) is put at risk by the mitigation(s).
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
The FGDC guidelines annotate that altering data in order to safeguard said data is appropriate. Altering data per FGDC is “To remove or modify the sensitive information and then make the changed data available without further safeguards.” If the data is modified, then that is by definition loss of integrity. Additionally, how does the data that is now “available without further safeguards” maintain its integrity and who is responsible for ensuring said integrity? Availability would also be impacted in that if the data is “removed or modified” the ability to access the unaltered data could be lengthy and cumbersome. A process would need to be outlined on how to request access to the unmodified data. Those who need said access would also need to know where to look in order to find said process. Now the people who need access to the unmodified data do not have it and may not even know how to get it. This by definition takes away from availability.
Hi Nicholas,
I agree that adding a process to access the unmodified would be important as a result of safeguards being applied. However, I also think that excessive data could result in conflicts in placement when considering the CIA triad. Maybe a good idea as part of the process would be to inform current users of the data being modified.
The two safeguards recommended by FGDC are to restrict the sensitive data or alter the data to remove the sensitive information. Restricting the data interferes with availability, but it is the most straightforward and understandable mechanism of protecting sensitive information. We can see this sort of data protection by restriction and it is obvious- there is a gap or empty space in the data. The second recommendation is potentially more problematic. Altering data damages the integrity of the data and absent any warning that the data has been altered, it could be taken at face value. For something like a the geospatial data that the FGDC works with, this could lead to a situation where someone uses altered data without knowing it was altered and comes to incorrect conclusions. With redacted or blocked data, at least the user knows the data is incomplete.
Hey David,
I understand your view on the complications involved in either restricting or altering the data as a part of the safeguards. Altering the data is especially concerning since jobs that require precise information or require almost perfect integrity would be more difficult.
Hi David,
I like the way that you simplified and articulated the main points of the readings. While restricting the data does interfere with availability, depending on the subject matter, this could be acceptable. The sensitive information might not be necessary for a person to analyze the information and render a conclusion and as you noted, it is very obvious that this data is missing. Out of the two choices I do believe this is the preferable one. If the decision is made to alter the data and thereby impact the integrity of the data, there should be a disclaimer or something identifying this fact to the user of the data. A cost benefit analysis will be most beneficial in these circumstances to determine the best method to protect the data if necessary.
Hey Dave,
I really like your point in that redacting data is to an extent better then all together leaving out or adjusting the data because like you said the user at the very least knows the data they’re looking at isn’t entirely accurate/complete. I can envision situations where data that is left out entirely or adjusted without annotations that it’s been edited.
The safeguards outlined by the FDGC guidance include either obfuscating or masking the data as it exists or to entirely remove elements of data deemed sensitive in order to protect the confidentiality. The downstream impact of this is that by safeguarding the confidentiality of the data, the two solutions provided impact the data integrity by editing the data and/or the availability of the data if specific data elements are removed. Considering this data could be used for analysis or research, the elements that are modified or removed should be considered to ensure this does not impact the analysis or conclusions rendered as a result of not having access to the entire dataset by which to draw conclusions. The act of safeguarding the confidentiality could inadvertently influence and incorrect conclusion. These are risks that should be considered when assessing the situation. If it is truly necessary to obfuscate or remove data, perhaps a disclaimer identifying the data is incomplete would be helpful.
Hi Christa,
I find it interesting how you described the effects on confidentiality as a result of the alternate safeguards. I didn’t consider that the very act of implementing the safeguards could result in potentially violating confidentiality. I would assume that anyone considering applying safeguards would receive proper authentication first, but if an individual were to apply them without any authentication would be a violation of confidentiality.
Hi Christa,
I agree with you on compromising the integrity of the data if any is restricted or changed, that it could have a downstream effect depending on what analysis is done on the data and could render the conclusion of not having access to the full data set because the data set might not be complete and/or accurate.
The alternative safeguards outlined by the FDGC guidance involve either obfuscating or hiding the data by changing its metadata or removing elements that are sensitive. As such, integrity and availability can be negatively impacted as a result of applying alternative safeguards. Those that used the data to access specific pieces of information would need to find alternate sources that have the data or obtain the proper credentials necessary to access the data.
Hello Kenneth,
I agree with you on the idea that obfuscating or hiding the data by changing its metadata or removing elements that are sensitive will greatly violate security objectives such as integrity and availability. Perhaps this data is going to be used in future researches or projects, the results won’t be credible, because the experiment has be ran with tempered data. No integrity here. So, it is critical to find other ways to access this data without violating security objectives.
One way to safeguard the data would be to limit who has access to it, in doing so limiting its permissions. Fewer people having access to the data means there is less potential for breaches. However, this obviously limits the accessibility of the data which can be counterintuitive for an institution, if no one can access the data, what is the point in keeping it or employing expensive safeguards to it? Another safeguard is to change the data itself, removing sensitive information to limit the potential damage a breach can cause. However, the issue with this approach is that the value of the data is within its integrity and changing it too much makes the data useless and no longer needs to be safeguarded. Taking this approach, there must be a limit to how much information can be changed, the data must retain some of its value while retaining its integrity.
When the FGDC guidelines are applied, they work under two principles: restricting or changing data. These could impact the three objectives of data security which include confidentiality, availability, and integrity. When these guidelines are applied, they interfere with the authority of the data. This allows the user to view data which puts the confidentiality of information at risk. When the user can change the data, the integrity of the information is at stake (Borky & Bradley, 2018). When data is restricted according to the FGDC guidelines, they tend to limit management from accessing it. This makes it challenging to run their duties, resulting in losses.
According to the FGDC guidelines one of the recommendations is to Restrict the Data which relates closely to the availability of the data and can put the risk level at high. For example, A lack of data can result in system interruptions. When data is restricted only few people have access to it and the possibility of this data been breached is almost minimal.