Friday, December 6, 2019
Information Security for Level of Importance to Confidentiality
Question: Discuss the Information Security for Level of Importance to Confidentiality.

Answer:

Confidentiality
When a client uses a card and a PIN (personal identification number) to gain access to their account at an ATM, they expect the PIN to remain confidential within the host system handling the transaction and on the communication channel between the web host system and the bank website server (Bulgurcu, Cavusoglu & Benbasat, 2010).

Level of importance of confidentiality
If a PIN is not secured while a transaction is carried out, the account could be compromised. The PIN therefore needs to be well encrypted.

Integrity
The client expects the transaction data to remain the same, without any detrimental or accidental changes.

Degree of importance of integrity
An example illustrates this concept. Consider a client who withdraws $600, after which the expected balance on the account is 5500 USD. Instead of showing a balance of 5500 USD, the system accidentally updates it to 5200 USD. For the client this is a loss, since more money has been deducted. Because transactions affect the customer's account directly, the integrity of transactions must be protected.

Availability
The ATM should be accessible to serve customers' needs at all times.

Degree of importance of availability
Availability improves the financial progress of the financial institution, so the ATM should always be functional and efficient (Hannan & Asif, 2017).

Since the thief broke 5 different keys and Alice was still able to enter her PIN, the thief needs to consider only the remaining 5 keys. The total number of possible PINs is calculated as follows:
4: the PIN is 4 digits
5: the number of keys remaining, since the rest were broken
5^4 = 625
625 is the number of PINs the thief may have to try in the worst case to gain access to Alice's account.
Question 3
There are various factors that might make people reluctant to use biometrics for authentication. They are as follows:

Cost factor: The cost of biometrics is very high compared with other authentication techniques (Hannan & Asif, 2017). Biometric systems are costly when compared with other security measures for authentication, for example passwords and personal identification numbers (Whitman & Mattord, 2011). So while biometrics could offer extra security, the costs currently outweigh the advantages in many cases.

Point of failure: In most cases, biometric authentication depends on the lighting. This can cause problems when logging in (Whitman & Mattord, 2011). If an unfortunate accident occurs, the physical features used for biometric authentication could change, which would complicate authentication at a later time.

Users might hesitate to use biometric authentication because biometric identifiers are non-cancellable. This means that a body part that is damaged or lost in an accident cannot easily be replaced in the way a forgotten password can (Whitman & Mattord, 2011). This is the reason why people have multiple fingerprints scanned when they enrol for fingerprint biometrics (Safa, Sookhak, Von Solms, Furnell, Ghani & Herawan, 2015). Additionally, security concerns and the fear of possible mishandling and misuse of the data are major reasons why individuals are sceptical about adopting biometric security procedures, including biometric passports.

A false negative occurs when the biometric system fails to recognize an authentic person. Depending on the setting, the consequences can be serious.

Personal: The owner of a safe could be prevented from opening it, leaving them unable to access a necessary resource.
Institutional: When server infrastructure is down, an organization needs to access its data center to restore service (Jain, Ross & Pankanti, 2006). The organization loses a lot of money each minute, and if the biometric system does not recognize the customer, it continues to lose more money and reputation. When biometrics are used as the primary authentication framework for entering the premises, this can hinder access to resources (Peltier, 2016). Where fingerprints are used as evidence to identify lawbreakers, a false negative might result in the wrong individual being charged. Another situation is one where the biometric system does not admit the office security personnel: a theft happens in the enterprise, and biometric authentication grants access to everyone except the security personnel.

A cipher is usually described as the end product of encryption, applied to plain text through an algorithm that is itself called a cipher. It entails a series of steps that are followed as a procedure (Gordon & Loeb, 2002). To encipher is to convert information into cipher or code. Cipher is synonymous with code, since both are sets of steps that encrypt the message.

Cipher text is encrypted text. When the text is sent through any media software application (Gordon & Loeb, 2002), it is encrypted, so no third party or other individual can read it. Only the receiver for whom the text is intended can read the message in its original form (Peltier, 2016). The plain text is what one has before any encryption has been done. Cipher text, by contrast, is the encrypted information: it contains the original plaintext and is unreadable by a human or a computer without a proper cipher to decrypt it (Peltier, 2016).
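The key-13 decryption that this answer quotes, worked through as an added example that is not part of the original post. It assumes "key 13" means a shift (Caesar) cipher over A-Z; the function names are illustrative. It also lists every candidate key, since a shift cipher has only 26 of them.

```python
# Ciphertext and key exactly as quoted in this answer.
PAGE_CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"
PAGE_KEY = 13


def shift_text(text: str, shift: int) -> str:
    """Rotate each ASCII letter by `shift` positions; keep case, leave the rest."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            # Python's % always returns a non-negative result, so negative
            # shifts (decryption) wrap around the alphabet correctly.
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    """Assumed scheme: shift every letter forward by `key`."""
    return shift_text(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    """Inverse of encrypt: shift every letter back by `key`."""
    return shift_text(ciphertext, -key)


def all_candidates(ciphertext: str) -> dict:
    """Decryption under each of the 26 possible keys (key 0 is the identity)."""
    return {key: decrypt(ciphertext, key) for key in range(26)}


if __name__ == "__main__":
    recovered = decrypt(PAGE_CIPHERTEXT, PAGE_KEY)
    print("key 13 ->", recovered)
    # Round trip: re-encrypting the result restores the quoted ciphertext.
    print("round trip ok:", encrypt(recovered, PAGE_KEY) == PAGE_CIPHERTEXT)
    # With key 13 the shift is its own inverse (13 + 13 = 26).
    print("self-inverse:", encrypt(PAGE_CIPHERTEXT, 13) == recovered)
    for key, text in all_candidates(PAGE_CIPHERTEXT).items():
        print(f"{key:2d} {text}")
```

The 26-row listing shows why a shift cipher offers no confidentiality by modern standards: the whole key space can be read at a glance.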
The encrypted text NTJWKHXK AMK WWUJJYZTX MWKXZKUHE, when decrypted using key 13, becomes: AGWJXUKX NZX JJHWWLMGK ZJXKMXHUR.

References

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.

Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security (TISSEC), 5(4), 438-457.

Hannan, S. A., & Asif, A. M. A. M. (2017). Analysis of Polyalphabetic Transposition Cipher Techniques used for Encryption and Decryption. International Journal of Computer Science and Software Engineering (IJCSSE), 6(2), 41-46.

Jain, A. K., Ross, A., & Pankanti, S. (2006). Biometrics: a tool for information security. IEEE Transactions on Information Forensics and Security, 1(2), 125-143.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.

Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Cengage Learning.