98.2k views
5 votes
Imagine a business where there are no clear boundaries defined for data and systems ownership. As a security professional, describe some potential problems that may arise from this condition. It may be helpful to frame your analysis by describing the issues in relation to the loss of one of the CIA triad security objectives.

User Bartgol
by
4.4k points

1 Answer

5 votes

Answer:

Loss of confidentiality, integrity and Availability

Step-by-step explanation:

First I would start by explaining data ownership and system ownership

Data ownership:

Such an owner is responsible for safeguarding data, has all rights and complete control of the data. He or she can transfer data responsibility to someone else

System ownership:

The responsibility here is system maintenance, taking care of system functionalities, updating system and system software.

Lack of data ownership:

1. This affects privacy of data as there would be no one involved in the monitoring and taking care of the data. It would be at risk as sensitive information may get out and data may even be modified.

2. Lack of data ownership could bring about inconsistency in data

3. Lack of data ownership piles up risks to data which may cause great loss to data eventually.

Lack of system ownership:

1. There would be no one available to take care of issues that may come up with the system

2. If system gets to be outdated, it becomes open to malware and hackers

3. Work will be unable to be completed on the system.

Loss of CIA triad

CIA stands for confidentiality, Integrity and Availability

1. Without data ownership there would be access to data which is unauthorized. This brings about loss in confidentiality, and there could be issues with data availability

2. If system gets malware at the absence of system owner then there would be loss in confidentiality, integrity. Hackers would take control of the system and they would be able to use data.

User Demarcmj
by
4.9k points