Assignment Week 2
Module Question 2
1. Provide a real-world business example for a failure in Confidentiality, Integrity, and Availability?
In contemporary business environments, failures in the three foundational dimensions of information security confidentiality, integrity, and availability can produce significant operational and reputational consequences. A failure of confidentiality occurs when sensitive information is disclosed without proper authorization, as demonstrated by the misuse of user data from Facebook by Cambridge Analytica, where personal data from millions of users was obtained and utilized without informed consent. A failure of integrity arises when data is altered, corrupted, or rendered inaccurate, as illustrated by the data breach involving Equifax, which created substantial risks related to the reliability and trustworthiness of consumer credit information. In contrast, a failure of availability occurs when systems or services become inaccessible to legitimate users, such as during major service disruptions affecting Amazon Web Services, which temporarily rendered numerous digital platforms and applications unavailable despite their data remaining intact.
2. How might an e-commerce website prioritize one aspect of the CIA triad over the others for its product pages versus its payment processing system?
Within an e-commerce system, the relative prioritization of the CIA triad may vary depending on functional context. For product display pages, availability is typically the primary concern, as uninterrupted access is essential to ensure continuous customer engagement and transactional opportunities. While integrity remains necessary to maintain accurate product descriptions and pricing, confidentiality is comparatively less critical because much of the displayed information is publicly accessible. Conversely, payment processing systems demand a stronger emphasis on confidentiality and integrity. Sensitive financial information and personal data must be rigorously protected from unauthorized access, and transaction records must remain accurate and unaltered to preserve financial correctness and user trust. Although availability remains relevant, safeguarding data privacy and transactional accuracy represents the central security priority in this context.
3. Explain the principle of “least privilege” and how it supports confidentiality?
