The verizon and symantec reports show that_______________.
Web is the most vulnerable vector
Email is the most attacked vector
IOT is more secure than other technologies
Malicious internal users or disgruntled employees cause most damage
@moaaz said in CS205 Assignment 1 Solution and Discussion:
Consider an online performance evaluation system of a company where its employees enter the daily status of the tasks assigned to them in online sheets available in the system. The sheets are analyzed by the competent authorities of the company on daily basis to evaluate the performance of the employees.
You are required to briefly explain the confidentiality, integrity and availability with the help of example associated with this system.
In your point of view which component of C.I.A. Triangle model will get the highest importance and which component will get the least importance according to above mentioned scenario?
An employee always relies on the accuracy of entered data /information. Therefore, use of advanced, efficient technology and proper optimization is necessary to ensure that integrity is maintained and employee’s information is secure. Whenever any employee enters his work progress then that information must remain in its original form otherwise any wrong change in report can create a lot of problems for employees. So, the integrity of data should be safe.
The employee must expect the privacy. Confidentiality with the use of evaluation system should be high and there should be surety of maintaining privacy between higher management and employee. To access the performance evaluation system, an employee must enter a security password which is available only to authorized employee of the company. Company also needs to ensure privacy of any employee’s performance report. Proper encryption of data ensures that high level of confidentiality is maintained whereas lack of attention towards the same could lead to breach of data/ information. Moreover, the policy related to changing password after regular intervals will help to keep data and information secure.
All employees use evaluation system at the end of day to enter their progress status of the tasks/work, assigned to them. So, if the related interface is not available at the time of entering data, then employees would not be able to enter the information in the system. Consequently, the higher management may perceive that the employee(s) has /have intentionally not entered the required information and may take action in this regard. Furthermore, if the system will not be available specially at the time when most of the employees will be updating their status, then it will make the employees frustrated just because no one want to spend extra hours after the working hours. So the availability of the system is also important.
Integrity and Confidentiality holds the highest importance in this scenario.
The availability of system has less importance from information security point of view.
@zareen said in CS205 Assignment 2 Solution and Discussion:
A user noticed that someone is using his Facebook account after stealing his credentials. After investigation, he observed that it happened after installing a software downloaded from an un-authentic website.
Aug 25, 2019 - Hacked Facebook accounts are being sold on the dark web, showing the … Problem is that since so many web sites make you use your email for log in name, I’m not … 90 EACH days after the ‘worst ever’ hack of 50 million users (and here’s … a hacker has claimed he sold the plaintext passwords and email …