Professional Documents
Culture Documents
as the pupils' grades has a lot of values that are valuable for certain kinds of people. For
example, the pupils grades are much more valuable for pupils than for the teachers, as it is a
direct factor of the individual pupil’s academic success. In this case, the LMS becomes a
valuable target for pupils (or their parents) that want access to their grade register so that
they can change their (or somebody else's) grades. As the server room is located within the
school, a student may want to break in that room and gain physical access to the servers
where the LMS is stored. Also because the schools LSM is sent through a wireless
connection, anyone has the possibility of tuning into that connection and stealing the
students, parents or teachers personal data.
Integrity - Integrity is the access to modify data, a relevant example is: the modification of
pupils' grades in the school’s LMS, making the student’s grades (data) incorrect. The danger
of breached integrity is that the information found, for example: in a school’s LMS, cannot be
trusted to be authentic anymore.
Accessibility - Accessibility is the fact that a user’s data should be available to that person,
for example: diagnoses in your health journal. When accessibility fails, the user cannot
access the data files necessary for the service. The danger of accessibility is that necessary
information may be encrypted by a “hacker” and often that information is important to have
access to by the user.
a) confidentiality is access control, for example in the form of a two step verification
procedure, this makes it harder for wrong kinds of people to access your account and by that
also: your data.
b) integrity is encryption. That is, by encrypting the files that contain data. Even if a “hacker”
gains access to those files, they will have a hard time modifying or even opening those files.
They would have to decrypt them which may take a very long time (brute force) without vital
information about the person that’s being hacked.
6) The school absolutely needs to pay extra attention before they implement a report-
absence module, as they don’t want pupils to be able to report absence even though they
were at school and vice versa . This is a matter of integrity, the school needs to pay extra
attention to authentication, accountability and maybe a hierarchy of access. For example, a
teachers/admins absence report overwrites a student's report. In the case of the student
being present at school but still being reported as absent or another student reporting on
other students.
7) There are various dangers in having a network without a password, for example an
attacker may use a compromised or false access point. In this case the attacker gains
access to the user's data. A false access point is when the attacker creates a network that
claims to be the intended network (A to B), because a wireless device connects to the
access point with the strongest signal, there is no reason for the device to connect to the
intended network. A compromised access point is when the attacker can gain access to the
victims data by “listening” to the connection between the user and the host (A to B(attacker)
to C).
Both examples are dangers that violate confidentiality, which means that a network without a
password is not safe.
8) If I was to change a grade in the schools grade register, I would set up a compromised or
false access point right before the school opens in order to hopefully get access to an
admin's data. With that data I can access the grade registry and change whichever grades I
want.