Consider an automated cash deposit machine in which users provide a card or an account number to deposit cash. Give examples of confidentiality, integrity, and availability requirements associated with the system, and, in each case, indicate the degree of importance of the requirement.
Confidentiality:
By confidentiality means only authorized persons have access to the account information. By providing your account number, and your details through card, and finally entering your correct PIN. It’s the PIN number giving the sole authorization over your account. Now you have the access to your account and the choice to withdraw or deposit funds or check your balance. This is what confidentiality
Degree of Importance:
Failing in authorization would cause someone else to have access to your account and the balance will be wiped off sooner or later.
Data Integrity:
Data Integrity in the sense, No one in the middle(a malicious person) has access to information between the ATM to the host server. It should maintain its unaltered original form.
In a real sense – Details you’ve given in ATM such as your account number, your PIN, personal information is able to reach its host server without alteration in data or eavesdropping by someone. This ability of untouched or unaltered form communication between ATM and host server is what we call Data integrity.
Degree of Importance:
If somehow failed in data integrity, which would have the highest level of consequences for the error. If some third-party bad actor listens to your account credentials, now he has every information to reach your account and clean your bank balance-so data integrity should be given the highest degree of importance.
Availability:
When you enter all your credentials and server would give you the required information or service such as bank balance or deposit/withdrawal of funds — The property of an ATM(in this case) being able to provide all the requested services without delay is what we call availability
Degree of Importance:
being unable to provide service for an authorized customer would give a bad experience for the customer, so the consequences are more on the service provider than the customer.