Page Comparison

Impersonation in e-logbook transactions

Common criminal/identity thief

Impersonation using stolen identity credentials, with fraudulent reporting of false data to incriminate or defame victim

Inconvenience, distress or damage to standing or reputation

Low: common criminals are unlikely to have subject-area expertise to discover an incrimination or defamation opportunity and there are probably easier attacks

Low: impersonated parties or agency staff would be likely to notice during dockside interview process and/or subsequent data review, and when detected, the impact could be effectively mitigated

"

"

Impersonation using stolen identity credentials, for access to sensitive information

Unauthorized release of sensitive information

Low: successful identity theft could result in compromise of sensitive information from the victim's logbook records but an uninformed criminal would be unlikely to find or identify sensitive information

Low: probably the only information of value that is credibly at risk is catch location, timing, and gear, and the people with the means to take advantage of that unique information are already well placed to have that same knowledge or to acquire it by closely observing the victim's fishing activity.  Also, the impact would be limited to the party whose identity has been stolen

Impersonation in e-logbook transactions

Disgruntled industry employee

Impersonation using stolen identity credentials, with fraudulent reporting of false data to incriminate or defame victim

Inconvenience, distress or damage to standing or reputation

Moderate: an employee might have the means, motive, and opportunity, but risk exposure is not significantly different in electronic transactions than it is in paper transactions

Low: impersonated parties or agency staff would be likely to notice during dockside interview process and/or subsequent data review, and when detected, the impact could be effectively mitigated

"

"

Impersonation using stolen identity credentials, for access to sensitive information

Unauthorized release of sensitive information

Low: the employee with the means and opportunity already has access to sensitive information and is unlikely to find anything more interesting in logbook data

Low: probably the only information of value that is credibly at risk is catch location, timing, and gear, and the disgruntled employee is likely to already have that information from personal observation.   Also, the impact would be limited to the party whose identity has been stolen

Impersonation in e-logbook transactions

Competitor

Impersonation using stolen identity credentials, with fraudulent reporting of false data to incriminate or defame victim

Inconvenience, distress or damage to standing or reputation

Low: a competitor might have a motive, but an electronic system does not make them more likely to have means or opportunity.  Risk exposure is not significantly different in electronic transactions than it is in paper transactions.

Low: impersonated parties or agency staff would be likely to notice during dockside interview process and subsequent data review, and when detected, the impact could be effectively mitigated

"

"

Impersonation using stolen identity credentials, for access to sensitive information

Unauthorized release of sensitive information

Low: a competitor might have a motive, but an electronic system does not make them more likely to have means or opportunity.  Risk exposure is not significantly different in electronic transactions than it is in paper transactions.

Low: probably the only information of value that is credibly at risk is catch location, timing, and gear, and the people with the means to take advantage of that unique information are already well placed to have that same knowledge or to acquire it by closely observing the victim's fishing activity.  Also, the impact would be limited to the party whose identity has been stolen

Repudiation to escape accountability

Customer (fisher)

Signer claims "I didn't sign that"

Inconvenience, distress or damage to standing or reputation

Low: in most cases a customer who repudiated an e-logbook document submission could then be prosecuted for fishing without following record-keeping and reporting requirements.  There will generally be independent evidence of the fishing or processing activity (follow the fish.)

Low: agency might expend effort to resolve, but the distress would be limited and short-term

Inconvenience, distress, or damage to standing or reputation

at worst, limited, short-term inconvenience, distress or embarrassment to any party

at worst, serious short term or limited long-term inconvenience, distress or damage to the standing or reputation of any party

severe or serious long-term inconvenience, distress or damage to the standing or reputation of any party (ordinarily reserved for situations with particularly severe effects or which affect many individuals)

Financial loss or agency liability

at worst, an insignificant or inconsequential unrecoverable financial loss to any party

at worst, a serious unrecoverable financial loss to any party

severe or catastrophic unrecoverable financial loss to any party

Harm to agency programs or public interest

at worst, an insignificant or inconsequential agency liability

at worst, a serious agency liability

severe or catastrophic agency liability

Harm to agency programs or public interests

at worst, a limited adverse effect on organizational operations or assets, or public interests. Examples of limited adverse effects are: (1) mission capability degradation to the extent and duration that the organization is able to perform its primary functions with noticeably reduced effectiveness, or (2) minor damage to organizational assets or public interests

at worst, a serious adverse effect on organizational operations or assets, or public interests. Examples of serious adverse effects are: (1) significant mission capability degradation to the extent and duration that the organization is able to perform its primary functions with significantly reduced effectiveness; or (2) significant damage to organizational assets or public interests

a severe or catastrophic adverse effect on organizational operations or assets, or public interests. Examples of severe or catastrophic effects are: (1) severe mission capability degradation or loss of to the extent and duration that the organization is unable to perform one or more of its primary functions; or (2) major damage to organizational assets or public interests

Unauthorized release of sensitive information

at worst, a limited unauthorized release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in a loss of confidentiality with an expected limited adverse effect on organizational operations, organizational assets, or individuals

at worst, a release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with an expected serious adverse effect on organizational operations, organizational assets, or individuals.

a release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with an expected severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals

Harm to personal safety

at worst, minor injury not requiring medical treatment

at worst, moderate risk of minor injury or limited risk of injury requiring medical treatment

a risk of serious injury or death

Civil or criminal violations

at worst, a risk of civil or criminal violations of a nature that would not ordinarily be subject to enforcement efforts

at worst, a risk of civil or criminal violations that may be subject to enforcement efforts

a risk of civil or criminal violations that are of special importance to enforcement programs