Imagine a business where there are no clear boundaries defined for data and systems ownership. As a security professional, describe some potential problems that may arise from this condition. It may be helpful to frame your analysis by describing the issues in relation to the loss of one of the CIA triad security objectives.
In your responses to your peers, answer this question: How would you handle the problems presented in the initial post?
To complete this assignment, review the Discussion Rubric.
RESPONSE ONE
In a business where there are no clear boundaries defined for data and systems ownership, significant security issues can arise. Without clear ownership, it is unclear who has the authority to access specific data or systems. This ambiguity can lead to unauthorized access by employees or third parties, either intentionally or accidentally, compromising sensitive information. Another possible issue is data leakage, without ownership, there’s no clear responsibility for monitoring and controlling data flows. Employees might share sensitive information externally without realizing its importance
Also, in the absence of designated ownership, no one may be responsible for ensuring the availability of systems. This can lead to prolonged system outages as well as critical systems possibly not receiving the necessary maintenance, updates, or backups. Without clearly defined data and systems ownership, a business faces significant risks across all aspects of the CIA triad. These risks can lead to unauthorized access, data breaches, loss of data integrity, and system downtime
RESPONSE TWO
In a business without defined data and systems ownership boundaries, several security risks can emerge, each tied to the CIA triad—Confidentiality, Integrity, and Availability. Let’s explore potential problems by focusing on the loss of Confidentiality as an example.
Potential Problems: Loss of Confidentiality
- Unauthorized Access: No one is responsible for implementing and managing access controls without clear ownership. This lack of accountability can lead to employees, contractors, or third parties accessing sensitive or restricted data. For example, personnel outside of the finance department may gain access to financial records, or employees without clearance might access confidential customer data, resulting in privacy violations or compliance breaches (e.g., GDPR, HIPAA).
- Data Leakage: In an environment with no designated owner for sensitive data, there is a higher risk of data being shared or exposed accidentally. Without clear guidelines on who controls access and distribution, sensitive information could be sent to unauthorized parties or posted in insecure locations. This could lead to breaches of confidential customer, employee, or business information.
- Inconsistent Data Classification: Without defined ownership, the process of classifying data as public, internal, confidential, or highly sensitive may be inconsistent or entirely neglected. If no one is responsible for categorizing the data, it's more likely that highly sensitive data is treated in the same way as general information, increasing the risk of exposure to unauthorized parties.
- Weak Access Management: When ownership isn’t defined, nobody is responsible for updating, auditing, or reviewing user permissions. As a result, employees may retain access to confidential systems or data even after changing roles or leaving the company. This creates an opportunity for internal threats or ex-employees to exploit the system and access restricted information long after they should have been removed.
Broader Consequences
A loss of confidentiality can lead to regulatory fines, lawsuits, and reputational damage. For industries that handle sensitive data—like healthcare, finance, or tech—the risks are even higher, as they are more likely to face severe consequences for mishandling confidential information.
In summary, without clear ownership of data and systems, maintaining the confidentiality of sensitive information becomes challenging, leading to unauthorized access, data leakage, and compliance violations.
Undergraduate Discussion Rubric
Overview
Your ac�ve par�cipa�on in the discussions is essen�al to your overall success this term. Discussion ques�ons will help you make meaningful connec�ons between the course content and
the larger concepts of the course. These discussions give you a chance to express your own thoughts, ask ques�ons, and gain insight from your peers and instructor.
Directions
For each discussion, you must create one ini�al post and follow up with at least two response posts.
For your ini�al post, do the following:
Write a post of 1 to 2 paragraphs.
In Module One, complete your ini�al post by Thursday at 11:59 p.m. Eastern.
In Modules Two through Eight, complete your ini�al post by Thursday at 11:59 p.m. of your local �me zone.
Consider content from other parts of the course where appropriate. Use proper cita�on methods for your discipline when referencing scholarly or popular sources.
For your response posts, do the following:
Reply to at least two classmates outside of your own ini�al post thread.
In Module One, complete your two response posts by Sunday at 11:59 p.m. Eastern.
In Modules Two through Eight, complete your two response posts by Sunday at 11:59 p.m. of your local �me zone.
Demonstrate more depth and thought than saying things like “I agree” or “You are wrong.” Guidance is provided for you in the discussion prompt.
Discussion Rubric
Criteria Exemplary Proficient Needs Improvement Not Evident Value
Comprehension Develops an ini�al post with an
organized, clear point of view
or idea using rich and
significant detail (100%)
Develops an ini�al post with a
point of view or idea using
adequate organiza�on and
detail (85%)
Develops an ini�al post with a
point of view or idea but with
some gaps in organiza�on and
detail (55%)
Does not develop an ini�al
post with an organized point of
view or idea (0%)
40
Timeliness N/A Submits ini�al post on �me
(100%)
Submits ini�al post one day
late (55%)
Submits ini�al post two or
more days late (0%)
10
9/11/24, 10:12 AM Undergraduate Discussion Rubric – CYB-200-13406-M01 Cybersecurity Foundations 2024 C-5 (Sep – Oct)
https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102832/View 1/2
Criteria Exemplary Proficient Needs Improvement Not Evident Value
Engagement Provides relevant and
meaningful response posts
with clarifying explana�on and
detail (100%)
Provides relevant response
posts with some explana�on
and detail (85%)
Provides somewhat relevant
response posts with some
explana�on and detail (55%)
Provides response posts that
are generic with li�le
explana�on or detail (0%)
30
Wri�ng (Mechanics) Writes posts that are easily
understood, clear, and concise
using proper cita�on methods
where applicable with no errors
in cita�ons (100%)
Writes posts that are easily
understood using proper
cita�on methods where
applicable with few errors in
cita�ons (85%)
Writes posts that are
understandable using proper
cita�on methods where
applicable with a number of
errors in cita�ons (55%)
Writes posts that others are
not able to understand and
does not use proper cita�on
methods where applicable (0%)
20
Total: 100%
9/11/24, 10:12 AM Undergraduate Discussion Rubric – CYB-200-13406-M01 Cybersecurity Foundations 2024 C-5 (Sep – Oct)
https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102832/View 2/2