Chat with us, powered by LiveChat Imagine a business where there are no clear boundaries defined for data and systems ownership. As a security professional, describe some potential problems t - Tutorie

Imagine a business where there are no clear boundaries defined for data and systems ownership. As a security professional, describe some potential problems t

Imagine a business where there are no clear boundaries defined for data and systems ownership. As a security professional, describe some potential problems that may arise from this condition. It may be helpful to frame your analysis by describing the issues in relation to the loss of one of the CIA triad security objectives.

In your responses to your peers, answer this question: How would you handle the problems presented in the initial post?

To complete this assignment, review the Discussion Rubric.

RESPONSE ONE

In a business where there are no clear boundaries defined for data and systems ownership, significant security issues can arise. Without clear ownership, it is unclear who has the authority to access specific data or systems. This ambiguity can lead to unauthorized access by employees or third parties, either intentionally or accidentally, compromising sensitive information. Another possible issue is data leakage, without ownership, there’s no clear responsibility for monitoring and controlling data flows. Employees might share sensitive information externally without realizing its importance 

Also, in the absence of designated ownership, no one may be responsible for ensuring the availability of systems. This can lead to prolonged system outages as well as critical systems possibly not receiving the necessary maintenance, updates, or backups. Without clearly defined data and systems ownership, a business faces significant risks across all aspects of the CIA triad. These risks can lead to unauthorized access, data breaches, loss of data integrity, and system downtime 

RESPONSE TWO

In a business without defined data and systems ownership boundaries, several security risks can emerge, each tied to the CIA triad—Confidentiality, Integrity, and Availability. Let’s explore potential problems by focusing on the loss of Confidentiality as an example.

Potential Problems: Loss of Confidentiality

  1. Unauthorized Access: No one is responsible for implementing and managing access controls without clear ownership. This lack of accountability can lead to employees, contractors, or third parties accessing sensitive or restricted data. For example, personnel outside of the finance department may gain access to financial records, or employees without clearance might access confidential customer data, resulting in privacy violations or compliance breaches (e.g., GDPR, HIPAA).
  2. Data Leakage: In an environment with no designated owner for sensitive data, there is a higher risk of data being shared or exposed accidentally. Without clear guidelines on who controls access and distribution, sensitive information could be sent to unauthorized parties or posted in insecure locations. This could lead to breaches of confidential customer, employee, or business information.
  3. Inconsistent Data Classification: Without defined ownership, the process of classifying data as public, internal, confidential, or highly sensitive may be inconsistent or entirely neglected. If no one is responsible for categorizing the data, it's more likely that highly sensitive data is treated in the same way as general information, increasing the risk of exposure to unauthorized parties.
  4. Weak Access Management: When ownership isn’t defined, nobody is responsible for updating, auditing, or reviewing user permissions. As a result, employees may retain access to confidential systems or data even after changing roles or leaving the company. This creates an opportunity for internal threats or ex-employees to exploit the system and access restricted information long after they should have been removed.

Broader Consequences

A loss of confidentiality can lead to regulatory fines, lawsuits, and reputational damage. For industries that handle sensitive data—like healthcare, finance, or tech—the risks are even higher, as they are more likely to face severe consequences for mishandling confidential information.

In summary, without clear ownership of data and systems, maintaining the confidentiality of sensitive information becomes challenging, leading to unauthorized access, data leakage, and compliance violations.

Undergraduate Discussion Rubric

Overview

Your ac�ve par�cipa�on in the discussions is essen�al to your overall success this term. Discussion ques�ons will help you make meaningful connec�ons between the course content and

the larger concepts of the course. These discussions give you a chance to express your own thoughts, ask ques�ons, and gain insight from your peers and instructor.

Directions

For each discussion, you must create one ini�al post and follow up with at least two response posts.

For your ini�al post, do the following:

Write a post of 1 to 2 paragraphs.

In Module One, complete your ini�al post by Thursday at 11:59 p.m. Eastern.

In Modules Two through Eight, complete your ini�al post by Thursday at 11:59 p.m. of your local �me zone.

Consider content from other parts of the course where appropriate. Use proper cita�on methods for your discipline when referencing scholarly or popular sources.

For your response posts, do the following:

Reply to at least two classmates outside of your own ini�al post thread.

In Module One, complete your two response posts by Sunday at 11:59 p.m. Eastern.

In Modules Two through Eight, complete your two response posts by Sunday at 11:59 p.m. of your local �me zone.

Demonstrate more depth and thought than saying things like “I agree” or “You are wrong.” Guidance is provided for you in the discussion prompt.

Discussion Rubric

Criteria Exemplary Proficient Needs Improvement Not Evident Value

Comprehension Develops an ini�al post with an

organized, clear point of view

or idea using rich and

significant detail (100%)

Develops an ini�al post with a

point of view or idea using

adequate organiza�on and

detail (85%)

Develops an ini�al post with a

point of view or idea but with

some gaps in organiza�on and

detail (55%)

Does not develop an ini�al

post with an organized point of

view or idea (0%)

40

Timeliness N/A Submits ini�al post on �me

(100%)

Submits ini�al post one day

late (55%)

Submits ini�al post two or

more days late (0%)

10



9/11/24, 10:12 AM Undergraduate Discussion Rubric – CYB-200-13406-M01 Cybersecurity Foundations 2024 C-5 (Sep – Oct)

https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102832/View 1/2

Criteria Exemplary Proficient Needs Improvement Not Evident Value

Engagement Provides relevant and

meaningful response posts

with clarifying explana�on and

detail (100%)

Provides relevant response

posts with some explana�on

and detail (85%)

Provides somewhat relevant

response posts with some

explana�on and detail (55%)

Provides response posts that

are generic with li�le

explana�on or detail (0%)

30

Wri�ng (Mechanics) Writes posts that are easily

understood, clear, and concise

using proper cita�on methods

where applicable with no errors

in cita�ons (100%)

Writes posts that are easily

understood using proper

cita�on methods where

applicable with few errors in

cita�ons (85%)

Writes posts that are

understandable using proper

cita�on methods where

applicable with a number of

errors in cita�ons (55%)

Writes posts that others are

not able to understand and

does not use proper cita�on

methods where applicable (0%)

20

Total: 100%

9/11/24, 10:12 AM Undergraduate Discussion Rubric – CYB-200-13406-M01 Cybersecurity Foundations 2024 C-5 (Sep – Oct)

https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102832/View 2/2

Are you struggling with this assignment?

Our team of qualified writers will write an original paper for you. Good grades guaranteed! Complete paper delivered straight to your email.

Place Order Now