Information System Security Requirements Analysis and Biometrics


Added on  2022/09/16

Homework Assignment
AI Summary
This assignment explores the security requirements of Information Systems, specifically focusing on Automated Teller Machines (ATMs) and biometric authentication. The first part of the assignment discusses the importance of confidentiality, integrity, and availability in ATM systems, providing examples for each and explaining their significance. The second part delves into biometric authentication, examining scenarios where false negatives are more critical than false positives, such as in emergency situations with safe access and in cases where physical harm or life-threatening situations are involved. The solution emphasizes the need to balance security measures with practical considerations, highlighting the potential consequences of system failures in real-world applications. The document includes references to support the analysis.
Running Head: IT Write Up
IT Write Up
Information System
(Student Details: )
8/24/2019
Solution 1
ATMs are typically designed so that users access their bank accounts with an ATM card and a personal identification number (PIN). Several requirements apply to a system like an ATM, including integrity, availability, and confidentiality. These requirements are also known as the security goals of an information security system, which protects the confidentiality of information while preserving its integrity. Key examples of these requirements are as follows:
Confidentiality: the confidentiality principle suggests that to access credit cards and debit cards, a person must have a PIN as a security password. This PIN should be available only to authorized users to ensure an enhanced level of security. For example, banking institutions need to assure privacy when communication takes place between bank servers and the ATM in order to prevent information from being hacked (Stallings, Brown, Bauer, & Bhattacharjee, 2012).
In this context, information of significant value, such as personal information, bank account statements, trade secrets, credit card numbers, and legal documents, must be secured, because protecting such information is a vital part of information security in today’s digital world. For example, information confidentiality includes enforcing file permissions and access control lists to restrict unwanted access to sensitive and confidential information.
Availability: this goal of an information system is the assurance that a host is freely able to send and receive legitimate messages with the other hosts on the network without any interference (Stallings, Brown, Bauer, & Bhattacharjee, 2012). In other words, this principle of system security suggests that ATM frequency must be improved based on the changing demand of consumers. In addition, ATMs should be regularly replenished with cash to provide accurate and appropriate services. For example, an ATM that is out of service may lead to considerable user dissatisfaction, whereas an ATM with accurate services would attract more customers (Peffers, Tuunanen, Rothenberger, & Chatterjee, 2009).
Integrity: this security principle of an information system can be explained as an assurance that data or messages exchanged between two people or hosts over a network will not undergo any major changes while being transmitted. In this context, ATMs must use efficient and advanced technology with correct optimization and collaboration to ensure that integrity is maintained (Stallings, Brown, Bauer, & Bhattacharjee, 2012). Thus, fulfilling integrity requirements is all about ensuring that customers’ information is secure from all possible perspectives.
Solution 2
In general, biometric authentication can be tuned to adjust false positive and false negative rates as per the requirements (Clodfelter, 2010). The two circumstances where false negatives are considerably more severe than false positives are as follows:
Scenario 1: because the main function of biometrics is typically based on face recognition, it can cause trouble for the owner of a safe in an emergency situation. For example, a safe owner's immediate need for funds cannot easily be met through the biometric elements. As a result, the owner suffers, and the emergency situation produces false negatives in the system. In this case, it is identified that, with a negative approach in the biometric authentication system, it may allow access to location details. In this way, it is clear that the data of the persons will be stored in various databases. On the other hand, it has been found that, because of technical issues, an individual's identification cannot be accessed when it is actually needed (Datta & Zhao, 2009).
Scenario 2: the second situation concerns biometric authentication leading to physical harm to individuals or to near-death situations. In this context, an employee suffering from cardiac arrest would not get much support from his or her colleagues if biometrics did not identify them (Datta & Zhao, 2009). This could cause medical harm to the affected employees and may affect the whole life of the person. Such a situation produces a false negative and is hence dangerous for the whole workplace. This scenario therefore demonstrates a case where false negatives are significantly more serious than false positives.
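The tuning described in Solution 2, as an added example that is not part of the original assignment: it sweeps the acceptance threshold of a hypothetical matcher over constructed similarity scores and picks the threshold that minimizes a weighted error cost. The score lists, cost weights and function names are assumptions made for illustration.

```python
# Added illustration; scores, costs and names are constructed assumptions.
# Similarity scores from a hypothetical biometric matcher (1.0 = perfect match).
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.69, 0.95, 0.73, 0.81, 0.62, 0.87]   # enrolled user
IMPOSTOR = [0.12, 0.35, 0.48, 0.27, 0.55, 0.41, 0.66, 0.19, 0.30, 0.71]  # other people


def error_counts(threshold):
    """Count errors when a score >= threshold is accepted."""
    false_neg = sum(s < threshold for s in GENUINE)     # owner rejected
    false_pos = sum(s >= threshold for s in IMPOSTOR)   # stranger accepted
    return false_neg, false_pos


def best_threshold(cost_fn, cost_fp, steps=100):
    """Return (threshold, FRR, FAR) minimizing cost_fn*FN + cost_fp*FP.

    Integer costs keep the comparison exact; ties go to the lowest threshold.
    """
    best = None
    for i in range(steps + 1):
        t = i / steps
        fn, fp = error_counts(t)
        cost = cost_fn * fn + cost_fp * fp
        if best is None or cost < best[0]:
            best = (cost, t, fn / len(GENUINE), fp / len(IMPOSTOR))
    return best[1:]


if __name__ == "__main__":
    # Emergency access (the safe owner, the medical case): a false negative costs 10x.
    print("FN-critical:", best_threshold(cost_fn=10, cost_fp=1))
    # Deployment where a wrong accept is the worse error: a false positive costs 10x.
    print("FP-critical:", best_threshold(cost_fn=1, cost_fp=10))
```

Weighting false negatives ten times heavier moves the chosen threshold from 0.72 down to 0.56: no genuine attempt in the sample is rejected, at the price of accepting two of the ten impostor scores.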
References
Clodfelter, R. (2010). Biometric technology in retailing: Will consumers accept fingerprint authentication? Journal of Retailing and Consumer Services, 17(3), 181-188.
Datta, D., & Zhao, H. (2009). Effect of false positive and false negative rates on inference of binding target conservation across different conditions and species from ChIP-chip data. BMC Bioinformatics, 10(1), 23.
Peffers, K., Tuunanen, T., Rothenberger, M., & Chatterjee, S. (2009). A design science research methodology for information systems research. Journal of Management Information Systems, 24(3), 45-77.
Stallings, W., Brown, L., Bauer, M., & Bhattacharjee, A. (2012). Computer security: principles and practice. NJ: Pearson Education.