Information Security: CIA Triad, ATM Security, Biometric Authentication, Caesar Cipher
Added on 2023-06-14
13 Pages2577 Words292 Views
|
|
|
Running head: INFORMATION SECURITY
INFORMATION SECURITY
Assessment No-
Assessment Title-
Student Name and ID-
Student name and Code-
Student Email Address-
INFORMATION SECURITY
Assessment No-
Assessment Title-
Student Name and ID-
Student name and Code-
Student Email Address-
1INFORMATION SECURITY
Question 1:
The confidentiality, integrity, as well as availability is known as CIA triad is basically a
design that helps to guide the policies for providing security of information involved in an
organization. Examples of Confidentiality, Integrity, and availability according to CIA Triad are
explained below.
Confidentiality:
Confidentiality offers privacy to all the data involved in the network of ATM system. The
sensitive information is protected from reaching to unauthorized people ad makes sure that the
right person gets the right information at the right time. Confidentiality involves access of data
only to an authorized person so that they can view their data (Bhagavatula et al., 2015). The data
that are stored are to be made confidential and should be categorized with respect to the amount
and damage type if are misused by some other person. Example of confidentiality is to ensure the
confidentiality to an account number while carrying transaction by an ATM. The data that are to
be kept safe involves the process of data encryption ensuring the confidentiality of the data. The
passwords and the user ids that are used in an ATM transaction use a two-factor authentication
for ensuring the confidentiality of the data (Ghosh et al., 2017). The confidentiality are also
included in biometric verification and the security tokens or soft tokens. Confidentiality with
extra measures are to be taken in an ATM transaction because the data in are extremely
confidential.
Integrity:
Question 1:
The confidentiality, integrity, as well as availability is known as CIA triad is basically a
design that helps to guide the policies for providing security of information involved in an
organization. Examples of Confidentiality, Integrity, and availability according to CIA Triad are
explained below.
Confidentiality:
Confidentiality offers privacy to all the data involved in the network of ATM system. The
sensitive information is protected from reaching to unauthorized people ad makes sure that the
right person gets the right information at the right time. Confidentiality involves access of data
only to an authorized person so that they can view their data (Bhagavatula et al., 2015). The data
that are stored are to be made confidential and should be categorized with respect to the amount
and damage type if are misused by some other person. Example of confidentiality is to ensure the
confidentiality to an account number while carrying transaction by an ATM. The data that are to
be kept safe involves the process of data encryption ensuring the confidentiality of the data. The
passwords and the user ids that are used in an ATM transaction use a two-factor authentication
for ensuring the confidentiality of the data (Ghosh et al., 2017). The confidentiality are also
included in biometric verification and the security tokens or soft tokens. Confidentiality with
extra measures are to be taken in an ATM transaction because the data in are extremely
confidential.
Integrity:
2INFORMATION SECURITY
The integrity process involves in maintaining the accuracy, consistency and
trustworthiness of the data over its lifetime. While transmission, the data must not be changed or
altered and corresponding step are to be taken to ensure the data from being changed or altered
by some unauthorized people. The measures that are included in integrity are file permission and
the access control of the user (Memon, 2017). There are version controls available to protect the
data that are changed in an erroneous way or accidental erasing of data by authenticated users.
For verification of data integrity, the data contains checksums and cryptography checksums.
There are also redundancies and backup processes for the data available.
Availability:
Availability ensures to maintain all the hardware so that the hardware performs well
repairing the changes that are needed and maintains the functioning of the system correctly. The
availability ensures to keep all the system up to date providing a good communication bandwidth
and prevent the bottleneck occurrence. The details of the ATM should be available with the user
so that the availability of data is not lost. There should be safeguards for protecting the loss of
data or any interruptions in the connection. Backup of data is the most important method to make
the data available to the user in any case of accidental loss (Thomas, Vinod & Robinson, 2017).
Firewalls or proxy servers are also used as an extra equipment of security against the
unreachable and downtime data occurred because of malicious attacks such as network intrusion
or denial-of-service attacks that can happen with the data.
Question 2:
As per the given case in the question, the thief has already broken five keys of the ATM
machine and is left with only other five keys. He had also jammed the card reader system of the
The integrity process involves in maintaining the accuracy, consistency and
trustworthiness of the data over its lifetime. While transmission, the data must not be changed or
altered and corresponding step are to be taken to ensure the data from being changed or altered
by some unauthorized people. The measures that are included in integrity are file permission and
the access control of the user (Memon, 2017). There are version controls available to protect the
data that are changed in an erroneous way or accidental erasing of data by authenticated users.
For verification of data integrity, the data contains checksums and cryptography checksums.
There are also redundancies and backup processes for the data available.
Availability:
Availability ensures to maintain all the hardware so that the hardware performs well
repairing the changes that are needed and maintains the functioning of the system correctly. The
availability ensures to keep all the system up to date providing a good communication bandwidth
and prevent the bottleneck occurrence. The details of the ATM should be available with the user
so that the availability of data is not lost. There should be safeguards for protecting the loss of
data or any interruptions in the connection. Backup of data is the most important method to make
the data available to the user in any case of accidental loss (Thomas, Vinod & Robinson, 2017).
Firewalls or proxy servers are also used as an extra equipment of security against the
unreachable and downtime data occurred because of malicious attacks such as network intrusion
or denial-of-service attacks that can happen with the data.
Question 2:
As per the given case in the question, the thief has already broken five keys of the ATM
machine and is left with only other five keys. He had also jammed the card reader system of the
3INFORMATION SECURITY
ATM machine as a result of which the customer was not able to take out his ATM card after the
transaction. The transaction done by the customer was successful, which states that the four digit
pin number of the customer was within the five keys that were good. For the thief to discover the
pin correctly, there are many possibilities. Combining the five digits on the keypad, the thief can
generate many four digit pins. The maximum number of pins that the thief can generate is
5!/ (5-4)! = (5 * 4 * 3 * 2 * 1) / 1 = 120 four digit pins.
But, as per the security of the ATM is concerned, the thief will not get 120 times of try to
establish a successful transaction. The maximum number of times the thief will be able to enter
the pin is three times. Coincidently, if the correct pin comes within the three times of the entered
pin, the thief will be successful in collecting the cash (Alsaadi, 2015). Otherwise, after entering
the wrong pin three times, the card will be blocked and the customer will get to know about the
unauthorized transaction.
Question 3:
Reasons why people finds secure to use biometrics are stated as follows:
1) Helps to reduce the administrative cost: The modern identification of biometric helps to
manage the system that consists of hardware and software with easy installation process and easy
manageable process. The installation of biometric process and managing its component does not
require training as installation process is very easy and manages the cost of maintaining the
systems. Other cost are also saved by using the biometric authentication such as issuance of a
new IDcard or replacing the damaged or the old ones (De Luca et al., 2015). There are also
biometric identification that helps to generate the cost saving for the IT by elimination of
ATM machine as a result of which the customer was not able to take out his ATM card after the
transaction. The transaction done by the customer was successful, which states that the four digit
pin number of the customer was within the five keys that were good. For the thief to discover the
pin correctly, there are many possibilities. Combining the five digits on the keypad, the thief can
generate many four digit pins. The maximum number of pins that the thief can generate is
5!/ (5-4)! = (5 * 4 * 3 * 2 * 1) / 1 = 120 four digit pins.
But, as per the security of the ATM is concerned, the thief will not get 120 times of try to
establish a successful transaction. The maximum number of times the thief will be able to enter
the pin is three times. Coincidently, if the correct pin comes within the three times of the entered
pin, the thief will be successful in collecting the cash (Alsaadi, 2015). Otherwise, after entering
the wrong pin three times, the card will be blocked and the customer will get to know about the
unauthorized transaction.
Question 3:
Reasons why people finds secure to use biometrics are stated as follows:
1) Helps to reduce the administrative cost: The modern identification of biometric helps to
manage the system that consists of hardware and software with easy installation process and easy
manageable process. The installation of biometric process and managing its component does not
require training as installation process is very easy and manages the cost of maintaining the
systems. Other cost are also saved by using the biometric authentication such as issuance of a
new IDcard or replacing the damaged or the old ones (De Luca et al., 2015). There are also
biometric identification that helps to generate the cost saving for the IT by elimination of
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
CSC8419 - Cryptography and Security: Assignment 1lg...
|8
|2184
|78
Information Security: CIA Triad and Biometric Authenticationlg...
|12
|2669
|151
Information Security: CIA Triad and Biometric Authenticationlg...
|16
|4179
|385
Information Security: Importance of CIA Requirements in ATM Systemslg...
|13
|3715
|129
Information Securitylg...
|17
|4456
|84
Assessment 2 - Information Security - ITC595lg...
|8
|2053
|297