8 August 2016

1) Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access.

a) Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.

Answer:

Confidentiality: The confidentiality of a user's account details and money transactions is very important. The customer holds the bank's methods and machines responsible for his money; indeed, the customer expects use of the account and the money to be limited to himself and no one else. Any leak of the account's confidentiality may lead to the theft of a valued customer's money and the loss of his trust in the bank.

Integrity: The details and transactions of a user's account should be accurate, without any mistake. Any mistake may confuse the user and may put him to the unnecessary trouble of contacting the bank. Apart from accuracy in the details, the mechanism used in the ATM should be accurate in dispensing the correct amount.

Availability: ATMs are considered one of the main assets of a bank that are available at any time. Since the ATM is one of the ways to view transactions and withdraw money outside business hours, its availability is very important. A customer always counts on the ATM at any time of day for use of his money, so the availability of an ATM is very important to the business of a bank.

b) Repeat Problem (a) for a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller.

Confidentiality: Although the confidentiality of telephone use should be high, I think in today's world it is moderate, as many agencies are tracking calls and listening to conversations, if not recording them. There is no particular law on the agencies (sometimes government owned) governing how, when and why the tracking, recording and use of the saved conversations is done. Confidentiality should be of high value, as it may lead to disclosure of unintended data while tracking or recording.

Integrity: A user always relies on the accuracy of the communication services. Whenever a user dials a number, the call is intended to be connected to an identified user on the other side. Any missed connection on the line will lead to additional charges, if not to the customer then to the company. Accuracy in the connection is an important factor in telecommunication services.

Availability: A customer uses a telephone to communicate with other people when in need. If it is not available at the time of need, then it is of no use to him. So the availability of the telephone system is most important.

2) Consider a desktop publishing system used to produce documents for various organizations.

a) Give an example of a type of publication for which confidentiality of the stored data is the most important requirement.

Answer: In a system which publishes business data such as share values and shareholder data, confidentiality is most important.

b) Give an example of a type of publication in which data integrity is the most important requirement.

Answer: Integrity is important in a system which publishes research data, new findings, government data, rules, laws and regulations.

c) Give an example in which system availability is the most important requirement.

Answer: Availability is important in systems which publish public data such as health and IT returns, and also in the publication of news, like papers and news reporters.

3) For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.

a) An organization managing public information on its Web server.

Confidentiality: It may be low because it is public information over the internet, which can at any time be accessed by any individual by getting through the security of the web page.

Availability: It should be high so that it is available to the right individual at any time.

Integrity: It should be high because it is public data; any wrong information may lead to a lot of confusion among the users.

b) A law enforcement organization managing extremely sensitive investigative information.

Confidentiality: It should be high, because the data should be protected from the people about whom the investigation was done, so that they may not alter the data and act according to it.

Integrity: It should be high so that the right judgment is given on the basis of the investigation data.

Availability: It may be moderate because it is for the use of the intended people, that is, the investigators and the people involved in the conviction of the subject on whom the investigation was done.

