1. Confidentiality
Data breach at Tokopedia (2020) exposed millions of user records.
→ Failure to protect sensitive customer data.
2. Integrity
Fake account scandal at Wells Fargo (2016), where employees created unauthorized accounts.
→ Compromised accuracy and trustworthiness of financial records.
3. Availability
DDoS attack on Dyn (2016) disrupted access to major websites.
→ Systems became unavailable to users.
2.
1. Product Pages
Priority: Availability
The site must stay online so customers can browse products anytime. Short downtime means lost sales. Confidentiality and integrity are important, but availability is the top concern here.
2. Payment Processing System
Priority: Confidentiality and Integrity
Sensitive data (credit card details, personal information) must be protected and transactions must be accurate. Any data leak or manipulation would cause financial and legal consequences. Availability is still important, but security is the highest priority.
3.
Principle of Least Privilege (PoLP) means users, employees, or systems are given only the minimum level of access needed to perform their tasks—nothing more.
How It Supports Confidentiality:
-
Limits access to sensitive data only to authorized individuals.
-
Reduces the risk of internal misuse or accidental data exposure.
-
Minimizes damage if an account is hacked, since the attacker gains limited access.