Assignment 1: Security requirements

Mohammad Aqil Akmal Bin Ahmad (21B6005)

PART 1: Consider an ATM in which users provide a PIN and a card for bank account access.
Give examples of confidentiality, integrity, and availability requirements associated with
the system.

Confidentiality is the state of being private, and it is a crucial requirement in monetary systems, ATMs included. Each account holder is given a card to ensure anonymity, and each client is also given a private, confidential PIN (Personal Identification Number). Together these provide two-fold confidentiality: one layer through the physical card and the other through the PIN. Without such confidentiality, customers would have access to each other's accounts and to the crucial information required for transactions to take place. This would be dangerous for both the bank and the account holders because no one would be able to protect their accounts from unauthorized access or cash withdrawals.

Integrity is the quality of being right or true. In monetary systems, integrity is necessary to guarantee that the balance and other account information are always consistently true, even under concurrent access. This ensures that, at any time, a withdrawal or deposit of cash updates the account balance so that the net change is always consistent. Integrity also calls for the data to be protected from unauthorized modification before, during, or after the transaction. Of the three security requirements outlined, integrity is the most crucial.
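
The concurrent-access requirement above, as an added example that is not part of the original assignment: a constructed toy `Account` (class, method and function names are all assumptions) replays two ATM sessions that act on the same stale balance, then runs the same withdrawals through an atomic check-and-update.

```python
import threading

class Account:
    """Constructed toy account; class and method names are assumptions."""
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def read(self):
        return self.balance

    def write_after_check(self, seen_balance, amount):
        # Non-atomic: decides on a balance read earlier, which may be stale.
        if seen_balance < amount:
            return False
        self.balance = seen_balance - amount
        return True

    def withdraw_atomic(self, amount):
        # Check and update happen under one lock, so no session sees stale data.
        with self._lock:
            if self.balance < amount:
                return False
            self.balance -= amount
            return True

def stale_interleaving(start, amount):
    """Replay: ATM A and ATM B both read before either writes."""
    acct = Account(start)
    seen_a, seen_b = acct.read(), acct.read()
    ok_a = acct.write_after_check(seen_a, amount)
    ok_b = acct.write_after_check(seen_b, amount)
    return acct.balance, amount * (ok_a + ok_b)   # (final balance, cash dispensed)

def atomic_sessions(start, amount, sessions):
    """Run `sessions` concurrent withdrawals through the atomic path."""
    acct, results = Account(start), []
    threads = [threading.Thread(target=lambda: results.append(acct.withdraw_atomic(amount)))
               for _ in range(sessions)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, amount * sum(results)

if __name__ == "__main__":
    print("stale :", stale_interleaving(100, 80))    # balance + dispensed != 100
    print("atomic:", atomic_sessions(100, 80, 8))    # balance + dispensed == 100
```

The invariant to check is that the final balance plus the cash dispensed equals the starting balance; only the atomic path preserves it.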

Availability is the state of readiness to serve. It is one of the main benefits of using technology in the banking industry. The e-corners of the banks, which offer services from cash withdrawal to deposit, have made it possible for the services to be available 24 hours a day, seven days a week. However, compared with the other aspects listed, availability is the one that is not given top importance.

PART 2: A power plant contains a SCADA (supervisory control and data acquisition) system
controlling the distribution of electric power for a large military installation. The SCADA
system contains both real-time sensor data and routine administrative information.
Assess the impact for the two data sets separately and the information system as a whole.

Real-time sensor information

Confidentiality: The web server maintains real-time information that is not privacy-related, so a loss of secrecy would not have much negative impact. The confidentiality impact level is low.

Integrity: The web servers supply the precise data that is required. If supervision is implemented poorly as a result, the organization may suffer serious harm, so no alteration is permitted. The integrity impact level is therefore high.

Availability: Real-time data availability is necessary at all times. The availability impact level is therefore high.

Routine administrative information

Confidentiality: The web server does not contain private information, so the confidentiality impact level is low.

Integrity: Data loss is not a serious issue, so the integrity impact level is low.

Availability: Loss of availability is not severe, so the availability impact level is low.

Whole information system

Confidentiality: Since the information is unrelated to privacy, a loss of confidentiality will have only a small negative impact. The confidentiality impact level is low.

Integrity: Without integrity, supervision cannot be implemented effectively, which can cause significant harm to the organization. The integrity impact level is therefore high.

Availability: Since real-time sensor data is required, the impact of a loss of availability will be significant. The availability impact level is therefore high.