Scenario:
A federal agency has asked your cybersecurity consulting firm to provide it with a white paper that discusses the issues of usefulness and security in regards to Open Data. The white paper is intended for a group of executives at the agency who are opposed to the planned conversion of its current controlled distribution for several highly valuable and frequently requested datasets (DVDs purchased through the Government Printing Office) to OPEN Data distribution via the government's Data.Gov portal (website). Currently, these data sets are purchased by businesses and academic institutions and are used for a variety of purposes.
A customer satisfaction survey revealed that purchasers are willing to change over to the new Open Datadistribution method for data sets. But, the agency head has received phone calls from several large and politically well-connected customers who expressed concerns about potential issues with the integrity andauthenticity of downloaded data. The agency's executives were also surveyed and they provided the following security-related items in a list of concerns for the planned conversion to an Open Data delivery method:
- Confidentiality / Privacy (ensuring proper redaction)
- Data integrity
- Data authenticity
- Availability (reliability) of the Open Data service (website)
- Non-repudiation of data sets