CIA is a commonly used standard for information systems security, concentrating on the 3 core goals of confidentiality, integrity and availability of information in the system.
Whenever an IT team installs software or a server, they never forget to analyse the data transport methods, the database, and how access is provided to users, according to the CIA standards.
Those three fundamental security properties are:

1) Confidentiality

Confidentiality is limiting information access for the users of the system. The IT administrator needs to identify which users should be given access rights and which users should be denied or restricted. User identification numbers and passwords are commonly used techniques. Although these techniques can prevent unauthorised access, they cannot be guaranteed to be 100% reliable. Confidentiality can be breached due to these factors:

- Information sharing
- Carelessness of users
- Insecure document storage
In real life, students log in to university systems using their user IDs and passwords. When they leave, they should log off their accounts. But sometimes, out of carelessness, they forget to do that and leave the session as it is. In situations like that, anyone can use their login and do anything they want. (University of Miami, 1997-2008)

2) Integrity
Integrity is the reliability of information resources. The main concern is that data has not been changed or modified during the communication process. It is very important that the user gets the exact information that came from the database or other resource. But here again, there is a possibility that integrity can be broken. For example, when a user tries to make an online transaction, a PayPal or net banking web site might look the same as the original one, with the same interface, but the web address or database can be a fake one. In that case users can get
References:

University of Miami. (1997-2008). Confidentiality, Integrity and Availability (CIA). Retrieved Jan 28, 2013, from http://it.med.miami.edu/x904.xml

Benzel, T. V., Irvine, C. E., Levin, T. E., Bhaskara, G., Nguyen, T. D.

Daswani, N., Kern, C., & Kesavan, A. (2007). Secure Design Principles. Retrieved Jan 28, 2013, from http://www.developer.com/java/web/article.php/3667601/Secure-Design-Principles.htm

Meunier, P. (2008). Confusion of Separation of Privilege and Least Privilege. Retrieved Jan 28, 2013, from http://www.cerias.purdue.edu/site/blog/post/confusion-of-separation-of-privilege-and-least-privilege/

Kantarcioglu, M. (n.d.). Fearless engineering. UT Dallas: Erik Jonsson School of Engineering & Computer Science.

Seebach, P. (2008). The stateless state. Retrieved Jan 28, 2013. Retrieved Jan 30, 2013, from http://www.alliancedatacom.com/how-vpn-works.asp