
Information Security: CIA Triad and Biometric Authentication

   

Added on  2023-06-13

Running head: INFORMATION SECURITY
Information Security
Assessment No-
Assessment Title-
Student Name and ID-
Student name and Code-
Student Email Address-

Answer to Question 1:
Information security issues must be mitigated in an Automated Teller Machine (ATM). The
software developers of the ATM should ensure that no security issues exist, so that customers
do not face any transaction problems or any authentication problems related to their bank
accounts (Beng et al., 2018). To ensure security, the CIA triad is implemented in the security
system of the ATM. CIA refers to Confidentiality, Integrity, and Availability. Each of these
security factors is explained below with examples.
Confidentiality: The main purpose of confidentiality is to provide security and privacy for
the data involved in the system. Various measures are usually taken so that ATM transactions
have no confidentiality issues (Rao & Nayak, 2014). Confidentiality means keeping the data
secret or private from any outsider who is not authorized to access it. The data needed for an
ATM transaction should not reach the wrong people, who could misuse it. Access to ATM data
should be strictly restricted and given only to authenticated users.
One example of confidentiality related to ATMs is that the confidentiality policy ensures
that the user's account number or routing number is kept private when the user is using
Internet banking for any transaction. There are many ways to keep the data secured, one of
which is data encryption. Data encryption makes the data confidential (Raspotnig, Karpati &
Opdahl, 2017). Another example of confidentiality related to ATMs is that the card should be
with the user while the transaction is going on. Without the card, no transaction is possible.
There are usually two types of data breach to keep in mind: the details of the card should not
be stolen, and the employee details of the organization should not be accessed by outsiders.
Integrity: The second policy of security is integrity. Integrity keeps the data accurate,
consistent, and trustworthy throughout its life (Salnitri, Dalpiaz & Giorgini, 2017).
Integrity assures that the data content remains the same throughout the life of the data.
There are some examples of data integrity. The information on an ATM card cannot be
modified or changed without the permission of the real user (Kubbo et al., 2016). Data
alteration or modification can be deliberate or accidental. Both accidental and deliberate
alteration affect the integrity of the data. A backup storage process preserves the integrity
of the data for users who want to keep their data secured.
Availability: The last policy of the CIA triad is availability. Availability mainly
protects the hardware of the system and the information that is transmitted while a
transaction is in progress (Beng et al., 2018). If the hardware is not maintained, users will
not be able to proceed with their transactions. The hardware of the system should also be
properly upgraded.
Examples of availability include that the user should use a fully upgraded system for
cash transactions (Alsaadi, 2015). Availability also protects the system against any type of
denial of service attack, and data should be available to the customer while the transaction is
taking place.

Answer to Question 2:
An ATM provides security in many ways. The security measures include limits on the
number of transactions a user can make in a day and on the number of times the customer can
enter the PIN during a single transaction. The ATM allows a customer to enter the PIN a
maximum of three times for a single transaction (Farooq et al., 2015). The customer can enter
a wrong PIN accidentally or deliberately, but the ATM allows the private PIN to be entered at
most three times. Accidental wrong PINs usually happen when the user forgets the PIN and keeps
trying wrong PINs. Deliberate wrong PINs usually occur when the ATM card is in the hands of an
unauthenticated person who uses trial and error to discover the PIN.
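
The three-attempt limit described above, as an added example that is not part of the original essay: a retry counter for one card, plus the chance that a bounded number of guesses hits a uniformly random PIN. The class and function names, the salted PBKDF2 storage, keeping the count per card rather than per session, and the sample PINs are assumptions of this example.

```python
import hashlib
import hmac
from fractions import Fraction

MAX_PIN_ATTEMPTS = 3  # limit stated in the essay


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored value is not the PIN itself (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class PinRetryCounter:
    """Tracks failed PIN entries for one card (hypothetical class)."""

    def __init__(self, salt: bytes, pin_hash: bytes):
        self._salt = salt
        self._pin_hash = pin_hash
        self.failed = 0
        self.locked = False

    def try_pin(self, entered: str) -> str:
        if self.locked:
            return "locked"  # even the correct PIN is refused once locked
        # Constant-time comparison avoids leaking how much of the hash matched.
        if hmac.compare_digest(hash_pin(entered, self._salt), self._pin_hash):
            self.failed = 0  # an accidental mistyping is forgiven on success
            return "ok"
        self.failed += 1
        if self.failed >= MAX_PIN_ATTEMPTS:
            self.locked = True  # deliberate guessing stops here
            return "locked"
        return "retry"


def guess_success_probability(keyspace: int, attempts: int = MAX_PIN_ATTEMPTS) -> Fraction:
    """Chance that `attempts` distinct guesses hit one uniformly random PIN."""
    return Fraction(min(attempts, keyspace), keyspace)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values
    card = PinRetryCounter(salt, hash_pin("4826", salt))
    print([card.try_pin(p) for p in ("1111", "2222", "3333", "4826")])
    print(guess_success_probability(10 ** 4))  # full ten-key, four-digit keypad
```

Because the lock is held on the counter object for the card, a person who finds the card still in the reader inherits whatever failures were already recorded instead of a fresh set of three.
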
The case stated in the question describes a scenario in which a thief has entered an ATM,
jammed the card reader of the machine with a screwdriver, and broken five number keys on the
keypad. The thief had broken five keys of the keypad and was proceeding with the next one when
a customer came to the ATM to make a transaction.
The customer was able to complete his transaction. This indicates that the digits of the
user's private PIN were all among the unbroken keys on the keypad. However, since the card
reader was jammed, the customer could not take out the card. Unable to take out the card, the
customer went outside the ATM to get some help. Seeing this as a chance, the thief decided to
make some attempts so that he could get some cash from the card. With a total of five keys in
working condition, the thief has many possibilities for the private PIN of the user. The PIN
of an ATM card usually has four digits, which here came from the five keys that were
available. Therefore, the maximum number of combinations possible for the PIN is:
