Posted on 25, March 2014
in Category bsg insight
This post looks at the perspective of availability – defined for this purpose as “concerns unwanted withholding of information”. Availability is simply the ability to get what you want from the system when you need it. There should not be any barriers outside of the checks and balances that manage the other security perspectives in the CIADA model. Given that Excel is a fairly robust and prevalent industry application, there are not many software ‘features’ that may deliberately or inadvertently withhold information from its own users; though a side thought would caution against passwords only known by one person which [&hellip
Read More
Posted on 17, March 2014
in Category bsg insight
Integrity This post looks at the perspective of integrity – defined for this purpose as “concerning the unwanted modification of data.” Modifying the data in a sensitive data set is a huge risk. Potential ruinous of the result in its entirety and in the context of a decision support system – it is the kind of thing that people lose jobs, homes and businesses over. Shockingly, people may even want to do this for selfish and malevolent reasons… and in an Excel world they can do this without a trace (almost – which is a thought for another post). The [&hellip
Read More
Posted on 10, March 2014
in Category practitioner experience
Confidentiality For the sake of this post, I’ll define confidentiality as “concerns regarding the unwanted disclosure of information.” Confidentiality is complex as it is both role-driven and time-driven, i.e. sensitive data may only be applicable to me in my current role and for a specific timeframe after which it may become stale and elicit invalid results. Without deploying additional layers (e.g. using the file system layer to assign access via login to specific roles) neither angle is covered by Excel (or any Office-style application). Access is blanket applied – you are in or out of the loop. Hidden sheets help, [&hellip
Read More