- Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.
- Consider a desktop publishing system used to produce documents for various organizations.
- Give an example of a type of publication for which confidentiality of the stored data is the most important requirement.
- Give an example of a type of publication in which data integrity is the most important requirement.
- Give an example in which system availability is the most important requirement.
- For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.
- An organization managing public information on its Web server.
- A law enforcement organization managing extremely sensitive investigative information.
- A financial organization managing routine administrative information (not privacy-related information).
- An information system used for large acquisitions in a contracting organization contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.
- A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.
Field of study: