Unit One Assignment
Problem 1.1 Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirements.
Confidentiality is provided by two factors: a unique access card and a PIN that functions as a password. A user must have both of these to access the system. Confidentiality is compromised by the fact that most ATM systems connect to various banks, and the source of information cannot be guaranteed to be from a proper ATM. Also, ATMs are public, and can be accessed by the entire population, allowing things like card swipe readers to be used to attack them.
The importance of confidentiality is medium to high. If it is the loss of confidence ...
The alteration of a small number of accounts does not stop the main functions of the organization and can be corrected. The alteration of many could be catastrophic.
Availability of the system (and the currency or information it dispenses) is provided by having relatively reliable machines. If one should fail, another is usually not particularly far away. ATM providers have integrated their usage so that different providers may interact (you can go to an ATM provided by a bank other than your own). Availability is threatened by the ATM’s reliance on a connection back to a central system. They generally do not stand alone. So an interruption of this connection means an interruption in availability.
The importance of availability of ATMs is low. The loss of use of a single ATM is not important, and even the loss of many would not cause a significant impact unless it continued over an extended period. Over time, however, this could become of higher importance.
Problem 1.2 Repeat Problem 1.1 for a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller.
Confidentiality is provided in a phone system by keeping the information in each call separate from that of every other call. Many phone systems now also encrypt this information at various points in the system.
Confidentiality is of medium importance.
Integrity is provided by the timely nature of the data that telephones send. When the conversation is over, the information is gone. Voicemail and future unified communications may change this.
Hence integrity is presently of low importance.
Availability of telephone systems is generally binary in PBX-based systems (the system is either up or down); however, the connection of these systems to the outside world (and that availability) is far more complex. Newer VoIP systems have different availability challenges brought on by their different architecture and by virtue of generally having more ‘moving parts’ (and hence more functionality).
The availability of most phone systems is of medium to high importance to most organizations based on their operational dependence on their phones.