Scribd Logo
Upload

Welcome to Scribd!

  • Session - 2 - Qs

    Uploaded by

    Shukra Shukra
    4 views3 pages
    The document discusses vulnerabilities, threats, and the classification of security requirements. It provides examples of vulnerabilities including outdated anti-malware software and easy to pick locks. Potential threats are identified such as keyloggers stealing social security numbers and thieves breaking in to steal equipment. Security requirements for ATM cards are listed and their classification according to confidentiality, integrity, and availability is discussed. Requirements are also assigned a severity level of high, medium, or low.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses vulnerabilities, threats, and the classification of security requirements. It provides examples of vulnerabilities including outdated anti-malware software and easy to pick locks. Potential threats are identified such as keyloggers stealing social security numbers and thieves breaking in to steal equipment. Security requirements for ATM cards are listed and their classification according to confidentiality, integrity, and availability is discussed. Requirements are also assigned a severity level of high, medium, or low.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views3 pages

    Session - 2 - Qs

    Uploaded by

    Shukra Shukra
    The document discusses vulnerabilities, threats, and the classification of security requirements. It provides examples of vulnerabilities including outdated anti-malware software and easy to pick locks. Potential threats are identified such as keyloggers stealing social security numbers and thieves breaking in to steal equipment. Security requirements for ATM cards are listed and their classification according to confidentiality, integrity, and availability is discussed. Requirements are also assigned a severity level of high, medium, or low.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Tutorial Semester 1, 2019

    “A vulnerability is a weakness in the security of a computer system that allows a malicious


    user to “do something bad.” A threat is a set of circumstances that could possibly cause
    harm, a potential violation of security”

    Read the following scenarios and identify the vulnerability and the threat.

    Adversaries might install key loggers in the computers in our


    Personnel Department so they can steal social security numbers.

    The computers in the Personnel Department do not have up to


    date anti-malware software.

    Our locks are easy to pick.

    Thieves could break into our facility and steal our equipment.

    Our employees don’t understand what information is sensitive


    so they don’t know how to protect it.

    Employees (insiders) might release confidential information to


    our competitors.

    A disgruntled employee could sabotage our factory.

    We don’t do background checks on our employees.

    Eco-terrorists want to discredit our organization.

    They can dump chemicals on our property and then report us to


    1
    the New York Times as polluters
    Tutorial Semester 1, 2019

    Security Requirement C.I.A Classification Severity

    The ATM card owner must retain possession of the card

    The PIN must be kept secret

    Transaction data must be secured during transmission

    Protecting personal information such as social security


    numbers and work status.

    Protecting the physical address from the public

    Performing verification of one’s identity through the use of


    devices or applications.

    The protection during the bank’s processing a request when


    requested to supply a PIN for an ATM card.

    To activate card, you have to call a number, enter your


    account number on card and verify your information.

    When one withdraws money with a card and pin, the person
    needs to memorize the pin number, and not write it on the card
    to prevent any unauthorized use of the card if lost.

    ATM Cards should be kept in a secure location to protect


    access to card numbers and the security codes.

    PIN devices enforce confidentiality by encrypting the card


    number during transmission.

    PIN devices need to have protected barriers around the key


    pads area to prevent anyone from seeing your personal PIN
    number when doing a transaction.

    2
    Tutorial Semester 1, 2019

    Classify the following C.I.A requirements and identify the severity (High, Medium, Low).

    You might also like