Question

Suppose you are an expert in Information Security Consultancy Company. For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers in details:

1.  An organization managing public information on its Web server.

2.  A financial organization managing routine (regular) administrative information (not privacy related information).

3.  A power plant contains a data acquisition system that will be used to control the distribution of electric power for a large military installation. The system contains real-time sensor data. Assess the impact for data sets on the power plant.

Answer 1

Information Security:

Organizations and people that use computers can describe their needs for information security and faith in systems in terms of three major fundamentals:

• Confidentiality: managing or controlling who gets to read the information.

• Integrity: guaranteeing that information and programs are changed or modified only in a specified and authorized manner.

• Availability: assuring that authorized users only have access to information and resources.

1. Managing public information on its web server in an organization:

Confidentiality:

1. Web server contains the public information. So everyone can access that information.

2. So there is no confidentiality is provided.

3. So impact of confidentiality level is low.

Integrity:

1. Server maintains public information. So there may be anyone can modify or misuse the data that is either authorized user or intruder.
2. So impact of integrity level is moderate.

Availability:

1. Loss of information is not a biggest problem in this server.
2. So impact of availability level is moderate.

2. Managing routine administrative information:

Confidentiality:

1. Web server consists only routine or regular information not privacy related information. So everyone can access that information.
2. So there is no confidentiality is provided.
3. So impact of confidentiality level is low.

Integrity:

1. Server maintains routine information. If data loss is happened , it is not a big problem.
2. So impact of integrity level is low.

Availability:

1. Loss of information is not a biggest problem in this server.
2. So impact of availability level is low.

3. Real time sensor information:

Confidentiality:

1. Web server maintains real time information. So loss of confidentiality is not a big problem.
2. So impact of confidentiality level is low.

Integrity:

1. Web server provides exact data is necessary. So there is no modification allowed
2. Therefore impact of integrity level is high.

Availability:

1. Data availability is required at any time.
2. Therefore impact of availability level is high.