
1. For each CIA concept below, classify each example as having a low, moderate,


Question

1. For each CIA concept below, classify each example as having a low, moderate, or high level of impact on organizations or individuals. Justify your classifications.

a. Confidentiality: Student enrollment information; Student grade information; Student directories (name, address, telephone).

b. Integrity: An anonymous online poll; A hospital patient’s allergy information stored in a database; A Web site that offers a forum to registered users to discuss some specific topic.

c. Availability: A public Web site for a university; An online telephone directory lookup application; A system that provides authentication services for critical systems, applications, and devices.

Three levels of impact on organizations or individuals, should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability), are defined in FIPS PUB 199:

Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a degradation in mission capacity to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; or (iii) result in minor harm to individuals.

Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss might (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.


High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss might (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious, life-threatening injuries.


The National Institute of Standards and Technology (NIST) has produced a large number of Federal Information Processing Standards Publications (FIPS PUBs), including FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems). FIPS PUB 199 provides a useful characterization of the three security objectives (the CIA triad) in terms of requirements and the definition of a loss of security in each category (confidentiality, integrity, availability).

Explanation / Answer

Hi,

Confidentiality - This will belong to the High level of impact. Students' information can be exploited by changing grades. By using names, addresses, SSNs and phone numbers, they could use it for illegal activities and the student will be in serious trouble. Further, enrollment of students in that school will drop drastically. It could even go to the extent of closure of the institute.

Integrity: Medium level of impact - Imagine students were asked to provide feedback on a teacher and that teacher got to know about each student who has rated him low. This could be a serious matter for their relationship, and the quality of education will degrade. Over time, students will avoid taking admission in that school.

Availability: Low level of impact - Suppose online registration for exams is going on and suddenly the website crashes for some reason. Students have to wait till the website is available, and they will try to contact the help desk. If the number of students is high, this could cause a problem for the school, and they will end up spending more money on maintenance of the website. In case it fails on the deadline date, they might need to extend the deadline for registration, which will cause minor harm to the organization.

Thanks!