1 ron briggs ut-dallas gisc 6383 gis management and implementation 9/11/2015 security, access and...
TRANSCRIPT
04/19/23 1
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Security, Access and Privacy
GIS Management’s Responsibilities
As a computer, I find your faith in technology rather amusing.
Anon.
04/19/23 2
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Five Primary Responsibilities• Integrity
– assuring that info. is correct and protected from unauthorized alteration
• Recoverability– assuring that no essential information is lost and data can be recovered in
the event of any disruption
• Continuity – assuring that the agency’s essential operations can be reactivated in the
event of any disruption
• Confidentiality– assuring that legally protected data is not disclosed to the public or others
• Accessibility– assuring that appropriate information is available to all persons with a
right to know, including users, management and the public
04/19/23 3
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Other Issues• GIS is data driven
– these primary responsibilities reflect data-related issues
• other security and ethics-related issues, not specifically addressed here, include– responsibility, accountability, and liability
• snow storm, roof collapses, people lose money, who is liable?
– intellectual property: trade secrets, copyright, patents• It’s certainly more than controlling software copying
– equity, access, and social impact• does info. access widen social and economic divisions?
– personal protection and health• safety hazards in the workplace
04/19/23 4
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Security and Risk Management• The five primary responsibilities fundamentally revolve around
appropriate security policies and procedures• in turn, these are part of a broader concept of risk management,
previously primarily considered in the private sector, but since 9/11 critical in both private and public sectors.
• Dealing with these requires familiarity, not just with technology, but also with– federal laws and regulations– state laws and regulations – local (city, county, etc.) ordinances– organizational policies
And with the nature of risk itself.
04/19/23 5
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Risk Assessment• probability of occurrence
• institutional impact/cost of failure
pro
bab
ility
of
occu
rren
ce
Low
High
cost of failure
HighLow
obvious
tricky
depends
Sleep easy
04/19/23 6
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Contingency Planning“The bottom line is that there is, and always has been, a direct
correlation between technology’s ability to give us power one moment and to render us powerless the next.
There are a number of ways to deal with this dilemma. One is to avoid technology completely--keep your money in a mattress, correspond by mail, ride a horse, burn candles. But there are drawbacks even here, like saddle sores and melted wax stuck to tables. And for {GIS managers} it would mean choosing another profession, like pottery, basket weaving or glass blowing.
A better answer is to get the most out of technology when it works, but to be prepared when it doesn’t. Industry vernacular refers to it as contingency planning. I call it common sense.”
John Foley Communications Week, 1/14/91
Contingency Planning…planning for the five responsibilities…
04/19/23 7
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Integrity• error control: ensuring data is correct
– data entry and change• automated capture at the source• double input• input masks and validation rules (domains and defaults)
– journaling: tracking all changes– data audits
• security policy/procedures: preventing unauthorized access & alteration – written policies & procedures for security– employee training and awareness programs– CRUD rules for every employee or employee class (create, read, update, delete)– software capable of implementing policies & rules
• personal verification: required by federal law– policies/procedures for how persons verify correctness of their records– policies/procedures for how identified errors are corrected
Industry standard databases (e.g Oracle) have more capabilities in these regards than GIS-specific database systems (e.g. Info and even Geodatabase)
04/19/23 8
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Integrity as a Process• Authentification of User Access
– UserId/Passwords– Smart cards– Biometrics (finger print, retina scan, etc..)
• Communication Encryption– Integrity of data as it moves– Encryption of data stream
• Data Access Control (to data base elements)– Control of individual users down to data element level:
• fine grain CRUD policies
– No knowledge of access level• Unauthorized data is invisible• Unaware of level of access (don’t know if know everything)
• Data Integrity (of data base elements)– Integrity of data at it rests– Entered correctly and changed legitimately
• Comprehensive Auditing (of all data access)– Tracking “who, what, when” for all entry and change– In case any of the above steps fail
04/19/23 9
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Recoverability• disaster recovery methods
– back-ups– mirroring/fault tolerant systems
• disaster recovery implementation– on-site copies for rapid recovery from equipment failures– off-site copies “ beyond destruction radius” for disasters
Issues– must be applied to desktop systems (if they contain critical data) as well as
central servers– applies equally to non-digital and digital data– the early unreliability of digital data storage devices has heightened our
awareness of the need for back-up for all data
04/19/23 10
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Continuity• Requires
– Data– Systems– People: what happens if your staff (and/or you) are wiped out?
• disaster recovery methods– mirroring/fault tolerant systems
• useless for destructive disasters!
– interagency swop agreements– commercial services: hot sites/cold sites
• disaster recovery planning– cannot be “dealt with when it happens”– written plan essential
• prioritize data/applications to be recovered
– regular testing of plan essential for training and refinement
Issues– not just for 911 and public safety issues– can you generate tax bills or payroll?
04/19/23 11
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Confidentiality Classifying Data• Texas law requires state agencies to classify all data as
• confidential (exempt from Open Records Act), or• sensitive (accuracy and integrity critical), or• open and freely available
• It’s good practice for other public organizations to do likewise Ensuring Confidentiality• methods for achieving confidentiality are the same as for ensuring integrity• consistent and continuous implementation of security policies and
procedures is the essential key• any new GIS manager should begin by requesting a copy of the agency’s
security and/or information access policies and procedures, and be most concerned if they don’t exist!
04/19/23 12
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Accessibility: Open Records
• Open Records laws exist at both the federal and state levels
• fundamentally, they provide the public with the right to inspect government records (digital or non-digital)
• purpose of these laws is primarily– to ensure correctness of records
– to prevent tyranny and inappropriate record collection
– to expose inefficiency and ineptitude
• laws can vary considerable between states, with Texas having an especially aggressive law – all government held data is openly available unless it is specifically exempt (and
thus by definition is confidential)
• these laws give rise to several managerial challenges!
04/19/23 13
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Accessibility: Open Records versus Privacy• Open Records versus Privacy (confidentiality) is a fundamental dilemma for all
persons involved in information management in the public sector• you are legally required to make records available for public inspection and to
protect the confidentiality of individuals• these frequently conflict but each is deeply engrained in US • openness of government:
– deeply engrained as a protection against government tyranny, and lately, ineptitude and inefficiency
• the right to personal privacy:– equally deeply engrained in the constitution and the law
• the conflict cannot be resolved, only balanced• balancing should be done via policy developed (or at least approved) by senior
agency management, not on an ad hoc basis by the GIS manager – But GIS managers may need to take the initiative to get a policy in place!
04/19/23 14
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Accessibility: Open Records and Public Domain• information “in the public domain” can be freely used, copied, modified,
distributed, or sold by any person or organization for any purpose including profit making
• open records laws, in effect, place all government data (unless specifically exempted) “in the public domain”
• further, federal, and many state laws (including Texas), limit the cost governments my charge for data to the “cost of reproduction” and specifically prohibit recovery of “costs for data collection” (which are invariably dramatically higher)
• Texas, for a temporary period, had a specific exemption for data derived from “geographic information systems” but this has long expired
• internationally, US policy is more the exception than the norm
Get a copy of: Office of the Texas Attorney General Public Information Handbook, now on-line at
http://www.oag.state.tx.us/AG_Publications/pdfs/publicinfo_hb2006.pdf
04/19/23 15
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Accessibility: The Public Domain DebateCon
• costs should be paid by people who use the data, not by everyone
• taxes could be reduced for everyone if governments could recoup data collection costs
• information is a valuable resource (like land), which governments should manage as such (and not give away!)
• better data (updated, maintained, etc.) would be available if governments could benefit financially
• encourages “freeloaders” who avoid their “fair share” of cooperative projects since data will be free later
Pro
• required to ensure integrity of the open records policy
• tax payers have already paid once, should not have to pay twice
• free information flow essential to the operation of a democracy
• information is in essence a public good (like police and the military) and should be treated as such
• information availability has fostered US dominance of info-based industries (e.g. GIS and GPS)
04/19/23 16
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Major Texas Legislation• Texas Public Information Act, 1997 (as amended)
– requires that government records be made available upon request – Originally enacted as Texas Open Records Act, 1973– much amended; recodified in 1993 as Title 5, Chp. 552 Open Records
• Office of the Attorney General 2006 Public Information Handbookhttp://www.oag.state.tx.us/AG_Publications/pdfs/publicinfo_hb2006.pdf
– Applies to all state and local agencies and boards• Information Resources Management Act, 1992 (as amended) IRMA §2054
(see also Texas Administrative Code 1-TAC-201— Texas Department of Information Resources)
– incorporates a wide array of issues including requirements for designating an information resources manager with responsibility for strategic planning, computer and network security policies, classification of data, risk assessment, etc.
– mandatory only for state agencies, but is a useful guide for non-state organizations For entire text, go to:http://www.capitol.state.tx.us/statutes/docs/GV/content/htm/gv.010.00.002054.00.htmFor summary of requirements to be met by any state agency go to:http://www.dir.state.tx.us/standards/checklist.htmFor security-specific information and requirements, go to:http://www.dir.state.tx.us/security/policies/index.htm
04/19/23 17
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
GIS-Specific Requirements and Policies• For Texas: Texas Geographic Information Council:
http://www.dir.state.tx.us/tgic/pubs/pubs.htm• At Federal level: Federal Geographic Data Committee
Policy on Access to Public Information http://www.fgdc.gov/fgdc/policies/policies.html
Appropriate Access to Geospatial Data in Response to Security Concerns
http://www.fgdc.gov/fgdc/homeland/index.html
• GIS data on web and its implications for homeland security (RAND, 2004)– http://www.rand.org/news/press.04/03.25.html Press release and conclusion– http://www.rand.org/publications/RB/RB9045/ Summary of study– http://www.rand.org/pubs/monographs/2004/RAND_MG142.pdf Full
document
• GIS Code of Ethics from URISA (Urban and Regional Information Systems Association)
http://www.urisa.org/ethics/code_of_ethics.htm
Homeland Security: all disasters are local!Mitigation
• Prevention– Apprehension of terrorists before attack
– Information sharing, hot spot spatial analysis
• Protection– control access to hazards & critical
infrastructure
– location of hazards, establish buffer zones, limit web information?
• Detection– Of intrusions
– Real-time display of sensor data with map
Reaction• Preparedness
– Preparing for actual emergences
– Backups, emergency supplies and their location
• Response– Rescue, evacuation, medical
care, secondary damage control – assess scope of disaster;
coordinate response
• Recovery– Short term: food, water, etc
Long term: restore to prior state– Visual status maps
Planning is the essential component.
Data, its distribution, and its display is the critical GIS contributionR.W. Green: Confronting Catastrophe: A GIS Handbook ESRI Press, 2002
04/19/23 19
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
Emergency Management & Homeland Security• Homeland Security is simply a special case of emergency management• The same principles apply in dealing with any emergency.• Indeed, your “five security responsibilities” are nothing more than the application of emergency management
principles to your own operationEmergency Types: differ by
--mitigation options available--length of planning horizon
Natural Disasters: unplanned natural events such as tornados, hurricanes, floods, droughts, insect infestations, extreme heat or cold
– Limited mitigation options—generally cannot prevent
Human disasters: unplanned events or accidents from human activity such as chemical or radiological spills, fires, explosions, etc..
– More mitigation options
Internal disturbances: events planned by groups to deliberately cause disruption, but not necessarily destruction– More mitigation options; longer planning horizon for reaction
Material shortages: caused by strikes, price wars, resource scarcity, etc.. – More mitigation options; even longer planning horizon (usually) for reaction
Attacks: acts of large scale terrorism using conventional, nuclear or biological weapons– Mitigation may differ, but reaction is the same as for natural or human disasters.
04/19/23 20
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
The Great Dilemna
• Data, its distribution, and its display is the critical GIS contribution.
• Open access to data essential in all disasters.
• But will it help terrorists, who cause only a small portion of all disasters?
04/19/23 21
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
The New Reality—a Perfect Storm?• New Technology
– Big weapons available to small people
– High school biology labs today top Soviet cold war capabilities
• New Enemy– Radical ideologies
– Only a small percent believe, but it only takes a few
• New Approach– apocalyptic terrorism, where the perpetrators death is accepted, even
revered
• New Vulnerability– technology, especially the power and computer grids
– Specialization, for example nobody grows their own food
– Processes, such as just in time delivery (a 4-day food supply in stores)
04/19/23 22
Ron Briggs UT-Dallas GISC 6383 GIS Management and Implementation
More Food for Thought• Google implemented in 2003 a feature wherein
you enter someone’s telephone number into the search bar--and get a map to his or her house.
• go to: Google www.google.com Type your phone number in the search bar with or without dashes (i.e. 555-555-1212 or 5555551212) and hit enter– Then select Mapquest to get a map – Or use Google Earth to get satellite picture
• The controversy surrounding the initial introduction of this feature has since died down, but:– The implications of GIS for personal privacy and other
important societal values are substantial– as a GIS professional, you must be sensitive to these