CS205 Assignment 1 Solution and Discussion

moaaz

Re: CS205 Assignment 1 Solution and Discussion

                          Assignment No. 01
                    Semester: Spring 2020

CS205: Information Security Total Marks: 30

Due Date: 29 /05/2020

Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS word document to prepare and submit the assignment on VU-LMS.
It should be clear that your assignment will not get any credit if:

 The assignment is submitted after due date.
 The assignment is not in the required format (doc or docx)
 The submitted assignment does not open or file is corrupt.
 Assignment is copied (partial or full) from any source (websites, forums, students, etc)

Objectives:

To enhance the learning capabilities of the students about:

• CIA triangle.
• OSI security architecture.

Assignment

Question No-1:
In today’s IT world, different stores are running their businesses through Internet which enables their customers to make sales and purchase transactions online 24/7 from anywhere. Time saving is one of the prime benefits of online business/shopping as the customers don’t have to physically visit the business/shopping centers in this regard. In addition, online businesses also provide the facility of online support and tracking of their orders/transactions to their customers. The customers can get their queries clarified and can track their delivery status i.e. when the goods /products are going to be dispatched to them.
However, in spite of all the benefits of online business/ shopping, still a large number of people hesitate to make online account on the website of online store to perform online transaction due to fear of losing their personal / account information. To ensure the customer gain, the online businesses must need to apply some OSI preventive security measures/services to tackle with the risk associated with their businesses.
In view of above, you are required to carefully analyze each scenario given below and identify the most suitable OSI security service to tackle the risk associated with each scenario:

1. Customer’s personal or order information is considered very important and it should be available only for that specific customer.
2. Customer’s delivery address is stored in the database of an online store for delivery of required items. An employee of this store having legal rights to access this database, unintentionally changes this address information which resultantly can misguide the delivery of products on wrong address.
3. Online shopping website is not accessible due to which its customers are unable to place orders or do any other transaction.
4. Delivery receipt should be received in same form as it is sent to a customer.
5. Online shopping store is going to launch new promotions, but this plan is leaked prior to its launching.
6. While online shopping, customer is transferring online payment via credit card. Both the parties i.e. customer and related bank should be guaranteed for identification of each other.
7. A customer is only allowed to see his/her order status, but not allowed to make any changes in his/her order information after successful submission of order request.
8. A customer performs online order and then later denies for his/her order. How online business will tackle/handle this situation?
9. A customer sends email to an online store to know about his/her order status and the online store replies to the customer with related information of order status. This information should be received as it is sent by online store.

Solution:

Scenario No	OSI security service
1
2
3
4
5
6
7
8
9

Question No-2:
Consider an online performance evaluation system of a company where its employees enter the daily status of the tasks assigned to them in online sheets available in the system. The sheets are analyzed by the competent authorities of the company on daily basis to evaluate the performance of the employees.
You are required to briefly explain the confidentiality, integrity and availability with the help of example associated with this system.
In your point of view which component of C.I.A. Triangle model will get the highest importance and which component will get the least importance according to above mentioned scenario?
Solution:

Best of luck

zaasmi

@moaaz said in CS205 Assignment 1 Solution and Discussion:

Question No-2:
Consider an online performance evaluation system of a company where its employees enter the daily status of the tasks assigned to them in online sheets available in the system. The sheets are analyzed by the competent authorities of the company on daily basis to evaluate the performance of the employees.
You are required to briefly explain the confidentiality, integrity and availability with the help of example associated with this system.
In your point of view which component of C.I.A. Triangle model will get the highest importance and which component will get the least importance according to above mentioned scenario?

Solution:
Integrity:
An employee always relies on the accuracy of entered data /information. Therefore, use of advanced, efficient technology and proper optimization is necessary to ensure that integrity is maintained and employee’s information is secure. Whenever any employee enters his work progress then that information must remain in its original form otherwise any wrong change in report can create a lot of problems for employees. So, the integrity of data should be safe.

Confidentiality:
The employee must expect the privacy. Confidentiality with the use of evaluation system should be high and there should be surety of maintaining privacy between higher management and employee. To access the performance evaluation system, an employee must enter a security password which is available only to authorized employee of the company. Company also needs to ensure privacy of any employee’s performance report. Proper encryption of data ensures that high level of confidentiality is maintained whereas lack of attention towards the same could lead to breach of data/ information. Moreover, the policy related to changing password after regular intervals will help to keep data and information secure.

Availability:
All employees use evaluation system at the end of day to enter their progress status of the tasks/work, assigned to them. So, if the related interface is not available at the time of entering data, then employees would not be able to enter the information in the system. Consequently, the higher management may perceive that the employee(s) has /have intentionally not entered the required information and may take action in this regard. Furthermore, if the system will not be available specially at the time when most of the employees will be updating their status, then it will make the employees frustrated just because no one want to spend extra hours after the working hours. So the availability of the system is also important.
Part-2:
Integrity and Confidentiality holds the highest importance in this scenario.
The availability of system has less importance from information security point of view.

zaasmi

@moaaz said in CS205 Assignment 1 Solution and Discussion:

Question No-1:
In today’s IT world, different stores are running their businesses through Internet which enables their customers to make sales and purchase transactions online 24/7 from anywhere. Time saving is one of the prime benefits of online business/shopping as the customers don’t have to physically visit the business/shopping centers in this regard. In addition, online businesses also provide the facility of online support and tracking of their orders/transactions to their customers. The customers can get their queries clarified and can track their delivery status i.e. when the goods /products are going to be dispatched to them.
However, in spite of all the benefits of online business/ shopping, still a large number of people hesitate to make online account on the website of online store to perform online transaction due to fear of losing their personal / account information. To ensure the customer gain, the online businesses must need to apply some OSI preventive security measures/services to tackle with the risk associated with their businesses.
In view of above, you are required to carefully analyze each scenario given below and identify the most suitable OSI security service to tackle the risk associated with each scenario:

Customer’s personal or order information is considered very important and it should be available only for that specific customer.
Customer’s delivery address is stored in the database of an online store for delivery of required items. An employee of this store having legal rights to access this database, unintentionally changes this address information which resultantly can misguide the delivery of products on wrong address.
Online shopping website is not accessible due to which its customers are unable to place orders or do any other transaction.
Delivery receipt should be received in same form as it is sent to a customer.
Online shopping store is going to launch new promotions, but this plan is leaked prior to its launching.
While online shopping, customer is transferring online payment via credit card. Both the parties i.e. customer and related bank should be guaranteed for identification of each other.
A customer is only allowed to see his/her order status, but not allowed to make any changes in his/her order information after successful submission of order request.
A customer performs online order and then later denies for his/her order. How online business will tackle/handle this situation?
A customer sends email to an online store to know about his/her order status and the online store replies to the customer with related information of order status. This information should be received as it is sent by online store.

Solution:

Scenario No
OSI security service

1

2

3

4

5

6

7

8

9

Solution: