Authors: William Stallings
Chapter: Computer And Network Security Concepts
Exercise: Problems
Question: 4 | ISBN: 9781292158587 | Edition: 7

Question

For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.
a. A student maintaining a blog to post public information.
b. An examination section of a university that is managing sensitive information about exam papers.
c. An information system in a pathological laboratory maintaining the patient’s data.
d. A student information system used for maintaining student data in a university that contains both personal, academic information and routine administrative information (not privacy related). Assess the impact for the two data sets separately and the information system as a whole.
e. A University library contains a library management system which controls the distribution of books amongst the students of various departments. The library management system contains both the student data and the book data. Assess the impact for the two data sets separately and the information system as a whole.


Answer

To assign impact levels for the loss of confidentiality, availability, and integrity for each asset, we'll consider the sensitivity of the data and the criticality of the system. Here are the impact levels for each asset, along with justifications:

a. A student maintaining a blog to post public information.

  • Confidentiality: Low impact. The information posted on the blog is already public, so the loss of confidentiality would not have a significant impact.
  • Availability: Low impact. The availability of the blog may be important for the student and their audience, but the impact is relatively low compared to other assets.
  • Integrity: Low impact. The loss of integrity may affect the credibility of the information posted on the blog, but it would not have severe consequences.

b. An examination section of a university managing sensitive information about exam papers.

  • Confidentiality: High impact. The loss of confidentiality of sensitive exam papers can lead to cheating, compromising the fairness and integrity of the examination process.
  • Availability: Moderate impact. If the examination section loses availability, it may disrupt the scheduling and administration of exams, but it may be recoverable.
  • Integrity: High impact. Tampering with exam papers or compromising their integrity can have severe consequences, including grade inflation or unfair evaluation.

c. An information system in a pathological laboratory maintaining patient data.

  • Confidentiality: High impact. Patient data is highly sensitive, and the loss of confidentiality can lead to privacy breaches, legal implications, and harm to individuals.
  • Availability: Moderate impact. If the system becomes unavailable, it may disrupt laboratory operations and delay patient care, but it may be recoverable.
  • Integrity: High impact. The integrity of patient data is crucial for accurate diagnosis and treatment. Tampering or alteration can lead to medical errors, misdiagnosis, or inappropriate treatments.

d. A student information system used for maintaining student data in a university.

  • Personal, Academic Information (Confidentiality): Moderate impact. While personal and academic information should be protected, the impact is not as high as sensitive healthcare or financial data.
  • Routine Administrative Information (Confidentiality): Low impact. Routine administrative information, such as course schedules or room assignments, has less sensitivity.
  • System as a whole (Availability): Moderate impact. If the student information system becomes unavailable, it can disrupt administrative processes and access to student services.
  • System as a whole (Integrity): Moderate impact. The integrity of student data is important for accurate records and decision-making, but the consequences of compromise are generally less severe.

e. A University library containing a library management system with student and book data.

  • Student Data (Confidentiality): Moderate impact. Student data includes personal information and academic records, which should be protected but may have less sensitivity compared to healthcare or financial data.
  • Book Data (Confidentiality): Low impact. The loss of confidentiality of book data may have minimal consequences for privacy.
  • System as a whole (Availability): Moderate impact. If the library management system becomes unavailable, it may disrupt book distribution and access to library services.
  • System as a whole (Integrity): Moderate impact. The integrity of student and book data is important for accurate records and resource management, but the consequences of compromise are generally less severe.