P. 19
Case Analysis 1: CIA Triad
A. Consider an automated teller machine (ATM) in which users provide a personal
identification number (PIN) and a card for account access. Give examples of
confidentiality, integrity, and availability requirements associated with the system
and, in each case, indicate the degree of importance of the requirement.
B. Consider the following general code for allowing access to a resource:
    DWORD dwRet = IsAccessAllowed(...);
    if (dwRet == ERROR_ACCESS_DENIED) {
        // Security check failed.
        // Inform user that access is denied.
    }
    else {
        // Security check OK.
    }
a. Explain the security flaw in this program.
b. Rewrite the code to avoid the flaw.
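The following is an added example, not code from the slide: it runs the slide's decision pattern next to a fail-closed variant against a hypothetical IsAccessAllowed that can succeed, deny, or fail for an unrelated reason. DWORD and the ERROR_* constants are defined locally with their winerror.h values so it compiles without the Windows SDK.

```c
#include <stdio.h>

/* Local stand-ins for the Windows type and winerror.h constants used on the
 * slide, so this builds without the Windows SDK. Values match winerror.h. */
typedef unsigned long DWORD;
#define ERROR_SUCCESS            0UL
#define ERROR_ACCESS_DENIED      5UL
#define ERROR_NOT_ENOUGH_MEMORY  8UL

/* Hypothetical access check (an assumption for this example). The 'outcome'
 * parameter simulates the three things a real check can do: succeed, deny,
 * or fail before it could decide anything. */
static DWORD IsAccessAllowed(int outcome)
{
    switch (outcome) {
    case 0:  return ERROR_SUCCESS;            /* access granted */
    case 1:  return ERROR_ACCESS_DENIED;      /* access explicitly denied */
    default: return ERROR_NOT_ENOUGH_MEMORY;  /* the check itself failed */
    }
}

/* The slide's pattern: anything other than ERROR_ACCESS_DENIED is treated
 * as a passed check. Returns 1 if access would be granted. */
int grant_fail_open(int outcome)
{
    DWORD dwRet = IsAccessAllowed(outcome);
    if (dwRet == ERROR_ACCESS_DENIED) {
        return 0;   /* security check failed */
    }
    return 1;       /* assumed OK, even when the check never ran */
}

/* Fail-closed variant: grant only on explicit success, deny everything else. */
int grant_fail_closed(int outcome)
{
    DWORD dwRet = IsAccessAllowed(outcome);
    if (dwRet == ERROR_SUCCESS) {
        return 1;   /* security check OK */
    }
    return 0;       /* denied, whether by policy or because the check errored */
}

int main(void)
{
    const char *names[] = { "success", "denied", "unexpected error" };
    for (int i = 0; i < 3; i++)
        printf("%-16s fail-open=%d fail-closed=%d\n",
               names[i], grant_fail_open(i), grant_fail_closed(i));
    return 0;
}
```

The third row is the one that matters: on an unexpected error the slide's pattern grants access, the fail-closed version does not.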
C. Encircle the correct answer from the given choices.
1. Which of the following contains the primary goals and objectives of security?
a. A network’s border perimeter
b. The CIA triad
c. A stand-alone system
d. The internet
2. Which of the following is a principle of the CIA Triad that means authorized
subjects are granted timely and uninterrupted access to objects?
a. Identification
b. Availability
c. Encryption
d. Layering
3. Which of the following is not considered a violation of confidentiality?
a. Stealing passwords
b. Eavesdropping
c. Hardware destruction
d. Social engineering
D. For each of the following assets, assign a low, moderate, or high impact level for the
loss of confidentiality, availability, and integrity, respectively. Justify your answers.
a. An organization managing public information on its Web server.
b. A law enforcement organization managing extremely sensitive investigative
information.
E. Match the security-related concepts and principles to their functions. Write the letter
of the correct answer in the blank provided before each item.
ITEC106 – Systems Security Mr. John Mark L. Dula