Open Data

docx

School

University of Maryland, University College *

*We aren’t endorsed by this school

Course

360

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

8

Uploaded by yvied

Report
Cybersecurity for Open Data Project 1: Cybersecurity for Open data University of Maryland Global Campus CSIA 360 November 10, 2023 Open Data Open Data, defined as information that is easily accessible, usable, and shareable, has reshaped how government manage and disseminate information (Open Data, n.d). The catalyst
Cybersecurity for Open Data for this shift can be traced back to February 2009, when the Barack Obama administration issued a memorandum for fostering openness within the government. The objective was to promote accountability, transparency with the public, and engagement to increase efficiency and effectiveness in government operations (Obama White House Archives, 2009). This commitment materialized in December 2008, when the executive branch issued the Open Government Directive requiring federal agencies to publish government information online. To facilitate this, the government established Data.Gov, an open data website managed by the U.S General Services Administration, Technology Transformation Service. In May 2013, the Open Data Policy was issued, providing a framework on how to manage information as an asset. The memorandum requires agencies to make government information open and machine-readable, under open licenses with a legal guarantee that data can be freely used, redistributed and adapted, and subject only to the requirement to attribute. It also requires periodic review of information for privacy, confidentiality, and security issues (OMB, 2013) On January 14, 2019, Congress passed the Open Government Data Act which built upon and reinforced key aspects proposed in the Open Data Policy. Benefits of Open Data Open Data offers many benefits, ranging from fueling innovation, entrepreneurship, and collaboration to driving economic growth and improving lives. Some specific examples include: 1. Open Data increases transparency which can prevent corruption and mismanagement. By making government data publicly accessible it serves as a tool for accountability in governance.
Cybersecurity for Open Data 2. Open Data enables collaboration between the private and public sectors, exemplified by events like hackathons. These events gather programmers together to solve challenges based on open data (European, 2020). 3. Open data can be used to develop transportation solutions such as navigation and ride- sharing applications. City Mapper, a prime example, uses open data to provide real-time travel options, improving transportation efficiency and a user’s commuting experience (Dataspace, 2018). 4. Open Data can be used to improve government operations and the delivery of public services. For instance, the Dutch Ministry of Education had released an open education API. Because of this, the number of questions they received dropped, reducing workload and costs (European, 2020). 5. Open Data can be used in the healthcare industry to facilitate research work and policymaking. Healthcare data sets can be used to map the spread of disease and help make safe and accurate decisions for patient care (Data Institute, 2015). Security Challenges for Open Data While Open Data offers opportunities for economic growth, it also introduces security challenges that can impact the availability and usefulness of data. Any unauthorized access to sensitive information can pose a threat to the confidentiality of data. To safeguard against this, the government should adhere to guidelines outlined in the Open Data Policy to determine which data can be shared publicly. Government must also make sure to maintain the integrity and authenticity of data. Any unauthorized alterations or deletions can diminish the data’s usefulness and decrease public trust in its reliability and accuracy. Anyone using datasets that have been altered or missing information can draw incorrect conclusions from it. System failures can
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Cybersecurity for Open Data impact the availability of data, hindering its accessibility to users. Threats such as message tampering and replay attacks can pose challenges to the non-repudiation of open data (Kolbach, 2023). The National Institute of Standards and Technology (NIST) plays an important role in helping secure open data. NIST provides guidance on cryptographic techniques that can be used to ensure integrity and authenticity of data, access controls to ensure confidentiality, redundancy and failover mechanism to ensure availability, and logging and auditing practices to ensure accountability. In addition to the Open Data Policy, the government has established other policies for protecting government data such as: NIST Special Publication 800-53 which provides a catalog of security controls federal agencies should implement to protect information systems hosting OPEN Data. NIST Cybersecurity Framework which is a scalable framework that can be used to manage and mitigate risks associated with OPEN Data (FTC, n.d.). The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud services and products. This program ensures that government data hosted in the cloud adheres to rigorous security standards (GSA, n.d). Best Practices for Securing Open Data
Cybersecurity for Open Data Protecting the confidentiality, integrity, availability, authenticity, and non-repudiation of Open Data is important for its successful utilization. To do this, federal agencies should adopt best practices such as: 1. Adhere to regulatory requirements relevant to Open Data Security. 2. Implement access controls, such as role-based access, so that only authorized users can access or modify certain data. 3. Encrypt data at rest and in transit using NIST approved cryptographic algorithms, such as Advanced Encryption standard (AES) to safeguard against unauthorized access (NIST, 2010). 4. Establish redundant storage and backup strategies to ensure continuous availability of data. In addition, testing data backup recovery plans annually to decrease operational risks. NIST Cybersecurity Framework control IP-4 and NIST 800-53 control CP-2 and CP-9 provide guidelines for creating effective backup plans, including identifying files to back up, defining recovery time objective and recovery point objective, adhering to legal data retention requirements, and keeping a copy of critical data in a separate secure, and accessible location (NCCoE, n.d.). 5. Implement authentication measures such as multi-factor authentication and strong password policies to verify the identity of users. NIST recommends a minimum of 8 characters for user-created passwords and encourages the use of a secure password manager for generating and storing passwords. (Vicente, 2023). 6. Implement digital signatures and logging and auditing mechanisms to establish non- repudiation. Logging and auditing enable the tracking of actions performed on Open data,
Cybersecurity for Open Data ensuring accountability. The logs should be reviewed regularly to identify any anomalies or vulnerabilities in Open data systems. Conclusion In conclusion, the Obama administration’s transparency memorandum, coupled with the establishment of the Open Government Directive, Open Data Policy, and Open Government Data Act has shifted how government manage and share information through Open Data. Open Data, grounded in principles of accessibility, usability, and shareability, has helped improve systems and processes, foster innovation, entrepreneurship, collaboration, and economic growth. Despite its benefits, Open Data comes with its challenges, particularly concerning privacy. System failures and unauthorized access or alterations to Open Data systems can compromise the confidentiality, integrity, availability, authenticity, and non-repudiation of data. Adherence to regulatory requirements and best practices outlined in frameworks such as the NIST Cybersecurity Framework and NIST Special Publication 800-53 ensures the responsible and effective use of open data for the betterment of society.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Cybersecurity for Open Data References Datapace. (2018, September). 16 Innovative Applications and Businesses Created With Open Data. Datapace on Medium. Retrieved from https://medium.com/datapace/16-innovative- applications-and-businesses-created-with-open-data-9927c953e9d2 European Data Portal. (2020, January). Benefits and Value of Open Data. Retrieved from https://data.europa.eu/en/publications/datastories/benefits-and-value-open-data Federal Trade Commission. (n.d.). NIST Framework. Federal Trade Commission (FTC) Business Guidance. Retrieved from https://www.ftc.gov/business-guidance/small- businesses/cybersecurity/nist-framework#:~:text=It%20gives%20your%20business %20an,Detect%2C%20Respond%2C%20and%20Recover. General Services Administration (GSA). (n.d.). FedRAMP - Federal Risk and Authorization Management Program. GSA. Retrieved from https://www.gsa.gov/technology/government-it-initiatives/fedramp Kolbach, A. (2023, January). Confidentiality, Integrity, Availability, Authenticity. LinkedIn. Retrieved from https://www.linkedin.com/pulse/confidentiality-integrity-availability- authenticity-albert-kolbach National Cybersecurity Center of Excellence (NCCoE). (n.d.). Protecting Data Integrity in the Multi-Sector Enterprise: A Use Case in the Energy Sector. NCCoE. Retrieved from www.nccoe.nist.gov/sites/default/files/legacy-files/msp-protecting-data-extended.pdf
Cybersecurity for Open Data National Institute of Standards and Technology (NIST). (2010, April). Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). NIST. Retrieved from https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-122.pdf Obama White House Archives. (2009, January). Transparency and Open Government. Retrieved from https://obamawhitehouse.archives.gov/the-press-office/transparency-and-open- government Office of Management and Budget. (2013, May). M-13-13: Open Data Policy – Managing Information as an Asset. Retrieved from https://www.whitehouse.gov/wp- content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf Open Data Handbook. (n.d.). What is Open Data? Retrieved from https://opendatahandbook.org/guide/en/what-is-open-data/ Open Data Institute. (2015, June). How can open data help improve healthcare? Open Data Institute (ODI). Retrieved from https://theodi.org/news-and-events/blog/how-can-open- data-help-improve-healthcare/ Vicente,V. (2023, May). NIST Password Guidelines: What You Need to Know. AuditBoard Blog. Retrieved from https://www.auditboard.com/blog/nist-password-guidelines/

Related Documents

annotated-ENPM687Final_RheaJokhi.pdf
Interpreting and Building Entity-Relationship Diagram (ERD) MIS 605 GCU.docx
Report Card for Sai Shravya Simhadri Chapter 2.pdf
Report Card for Sai Shravya Simhadri Chapter 3.pdf
Discussion Forum - 3.docx
Henkel Iberica Case Study - Dharti Shah.pdf
RHIT 9th Edition Practice Questions_ Domain 6##.pdf
RHIT 9th Edition Practice Questions_ Domain 6@@@.pdf
RHIT 9th Edition Practice Questions_ Domain 5#.pdf
Quiz 9_12.docx
risk.docx
Week 12 Discussion forum.docx