Information Security: Comprehensive IT Write Up Solutions

Verified

Added on 2023/01/19

AI Summary

This IT write-up delves into various facets of information security, offering solutions to real-world challenges. The document begins by addressing the importance of confidentiality, integrity, and availability in ATM systems, including encryption of PINs and the need for robust network security. It then analyzes a scenario where a thief attempts to crack an ATM PIN, calculating the maximum possible combinations. The write-up also explores the challenges of biometric authentication, such as accuracy problems, cost considerations, and points of failure. Furthermore, it differentiates between false positives and false negatives within biometric systems, providing scenarios to illustrate their impact and highlighting the severity of false negatives. The solutions are well-supported by references to academic sources and industry best practices.

Running Head: INFO SECURITY
0
IT Write Up
Information Security
(Student details :)
4/1/2019

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Info Security
1
Contents
IT Write Up: Information Security............................................................................................2
Solution: 1..................................................................................................................................2
Solution: 2..................................................................................................................................2
Solution: 3..................................................................................................................................3
Solution: 4..................................................................................................................................4
Solution: 5..................................................................................................................................5
References..................................................................................................................................6

Info Security
2
IT Write Up: Information Security
Solution: 1
ATM’s system has to keep personal identification numbers (PINs) confidential, for
both the host system as well as during on-going transmission for any money
withdrawn transaction. In addition, such system should protect the integrity of an account
records along with of individual transactions. Apart from this, host system availability is
important for the economic well-being of the banks and financial institutions however the
availability of personal teller machines is of comparatively less concern in the context of
ATM systems (Yeh & Chang, 2007).
While considering an ATM system where users uses a PIN as well as a debit card to
access their bank accounts, examples of availability, confidentiality and integrity
requirements related with the ATM system are as follows:
 Integrity requirements: the most important integrity requirement is that the major
actions performed through an ATM must always be linked to an account related with
the customer’s bank card (Stallings, Brown, Bauer, & Bhattacharjee, 2012).
 Confidentiality requirements: within ATM systems, the communication network amid
the bank and the ATM must always be encrypted in a way that customer’s personal
data can be kept confidential efficiently. In addition, as we know that PINs are the
unique numbers which are utilised for withdrawing money from the ATM systems,
hence these PINs must always be encrypted whenever and wherever they are stored
(Peffers, Tuunanen, Rothenberger, & Chatterjee, 2009).
 Availability requirements: in this context, first important availability requirement is
that the ATM systems must always be capable to assist a minimum of X concurrent
customers at a specific time. Apart from this, ATM systems must always be
accessible around 99.9 per cent of the total time so that people do not suffer difficulty
while attempting to draw their money out from the banks (Vacca, 2012).

Info Security
3
Solution: 2
As per the given information, a thief has attempted to steal the money from an ATM
machine and provided that an ATM machine has 0-9 numerical keys along with few special
keys. Besides, the given scenario suggesting that the thief broke five numeric keys thus now
he has the opportunity of making a combination for ATM pin which must be followed with
the rest 5 keys only. Moreover, it is well-known that an ATM pin contains 4 digits hence the
thief will be supposed to enter 4 digits while the number will be 0000 at its minimum level
and 9999 at its utmost level. The reason behind the above is that within integer value, 9 is the
highest value and 0 is the lowest one. In this way, the maximum possible combinations
entered by the thief will be as follows:
 Total number of keys (0,1,2,3,4,5,6,7,8,9) =10
 Additionally, the thief broke out 5 numeric keys, hence left keys=5 keys (p).
 Digits to be entered for the ATM pin (r) =4 & repetition is allowed by the thief.
 Here, on applying Permutation Formula,

 In this way, total maximum number of PINs to be entered = 624, because one
combination will be the card holder or customer’s pin itself.
Solution: 3
In the context of bio-metrics authentication (referred as BA) system, there are some
challenges while inspiring people for using BA at workplaces or anywhere else as follows:
Accuracy problem: as per the users of BA, authorization of the users at the right time
is the main problem during the implementation of bio-metrics system. Authorization often
becomes inaccurate and hence analyze the body parts of human system incorrectly which
should be appropriately authenticated for drawing exact results. In addition, lack of attention
and carefulness during the authentication of BA could majorly ruin the outcomes in terms of
accuracy and authorization (Picanso, 2008).
Counter to the problem: it can be suggested to the users that they should be more
careful and cautious while authenticating with BA as accuracy also depends upon lack of
suppleness (Schultz, 2009).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Info Security
4
Cost: BA is costly in nature from the budget point of view hence the utilisation of
bio-metrics has become complex for the country or company level use. Additionally, budget
of the BA within any institution can make people excuses about using this system for the
entry validations (Howell, 2017).
Counter to the problem: therefore, to counter this argument a proper analysis or
evaluation of the chosen area or location requires to be done prior implementation of the bio-
metrics system. Apart from this, assistance from the efficient financial institutions can also be
taken for the cost-effective implementation of bio-metrics within any system (Datta & Zhao,
2009).
Several points of failures: as we know that entire system is inter-connected with
each other and hence a single point failure may lead to complete shutdown of the whole
system. For an example, ATM systems would also not function properly as well as could
hamper the accounts of customers utilising the same system. In this way, functionality of BA
majorly depends on identifying the face of the persons as well as disturbance within the
similar may lead to failure of the whole associated system (Howell, 2017).
Counter to the problem: points of failures while using BA can get easily reduced by
updating the system timely and removing the bugs at the same time if occurs (Howell, 2017).
Moreover, adopting premium quality technological services in terms of software and
hardware, can remove this challenge from the system (Clodfelter, 2010).
Solution: 4
Within bio-metrics authentication systems, false positives and false negatives both are
suggested to be averted by the system administrators as both are complements to each other
(Kizza, 2009). In this context, following scenarios are highlighting the presence of false
negatives over as well as above false positives:
Scenario I: as we know that major operations of BA are based upon recognition of
faces of the human-beings, it would cause trouble to the owner of a safe during the case of an
emergency (Datta & Zhao, 2009). As the urgent requirement of money or funds will not be
properly processed through the basic elements of BA because as a result the owner of the safe
will suffer and hence situation will become false negative one. In addition, it has been

Info Security
5
observed that within a negative kind of methodology within BA, it can allow in retrieving
location details (Gollmann, 2010).
Scenario II: the second scenario is about dealing with BA while hurting a person
physically or creating a situation close to his or her death. In this context, if an employee who
is suffering from cardiac arrest is not able to get help from his or her colleagues due to non-
authentication by the bio-metrics for not recognizing the persons (Howell, 2017). In this way,
this type of scenarios tends to result false negative and hence could be life-threatening for the
whole organization. Besides, in this case false positive has been become the false negative
due to its last result. Hence, it is clear that false negatives of the BA system are more severe
than false positives of the system (Tiwana & Konsynski, 2010).
Solution: 5

Info Security
6
References
Clodfelter, R. (2010). Biometric technology in retailing: Will consumers accept fingerprint
authentication? Journal of Retailing and Consumer Services, 17(3), 181-188.
Datta, D., & Zhao, H. (2009). Effect of false positive and false negative rates on inference of
binding target conservation across different conditions and species from ChIP-chip
data. BMC bioinformatics, 10(1), 23.
Gollmann, D. (2010). Computer Security. Wiley Interdisciplinary Reviews: Computational
Statistics, 2(5), 544-554.
Howell, K. (2017, 08 28). 3 Problems With Biometric Security, Including Fingerprint ID.
Retrieved from IP Switch: https://blog.ipswitch.com/3-reasons-biometrics-are-not-
secure
Kizza, J. (2009). Guide to computer network security. London: Springer.
Peffers, K., Tuunanen, T., Rothenberger, M., & Chatterjee, S. (2009). A design science
research methodology for information systems research. Journal of managemene
information systems, 24(3), 45-77.
Picanso, K. (2008). Protecting information security under a uniform data breach notification
law. Fordham L.(Rev.), 355.
Schultz, R. (2009). Contemporary issues in ethics and information technology (Ed. ed.).
London: IGI Global.
Stallings, W., Brown, L., Bauer, M., & Bhattacharjee, A. (2012). Computer security:
principles and practice. NJ: Pearson Education.
Tiwana, A., & Konsynski, B. (2010). Complementarities between organizational IT
architecture and governance structure. Information Systems Research, 21(2), 288-304.
Vacca, J. (2012). Computer and information security handbook. London: Newnes.
Yeh, Q., & Chang, A. (2007). Threats and countermeasures for information system security:
A cross-industry study. Information & Management, 44(5), 480-491.