Assignment 2 – BD308 – Cyber Security – Dwi Nur Ramadhan

Questions:

  1. Provide a real-world business example for a failure in Confidentiality, Integrity, and Availability.
  2. How might an e-commerce website prioritize one aspect of the CIA triad over the others for its product pages versus its payment processing system?
  3. Explain the principle of “least privilege” and how it supports confidentiality.

Status: 100%

Notes: I have completed this well and correctly

Evidence:

  1. A clear example of confidentiality failure occurred in the 2017 Equifax case, when the personal data of approximately 147 million customers was leaked due to a poorly addressed security flaw. This demonstrated a failure to maintain the confidentiality of sensitive information. Integrity failures can be seen in the internal data manipulation incident at Tesla, where company data was altered without authorization, resulting in inaccurate information that could potentially impact business decision-making. Meanwhile, availability failures occurred in the 2021 ransomware attack on Colonial Pipeline, which temporarily shut down operational systems, disrupting fuel distribution and causing significant economic losses.
  2. In the context of e-commerce, the priority of CIA aspects can vary depending on the system. On product pages, availability is typically the top priority because customers must be able to access product information at any time; if the website goes down, sales immediately stop. Integrity is also crucial to prevent price and description manipulation, but availability remains the primary focus. Conversely, in payment processing systems, confidentiality and integrity are top priorities because credit card data and transaction information must be kept confidential and cannot be altered. If payment data is leaked or transaction amounts are manipulated, the impact is far more serious than a temporary access disruption.
  3. The principle of least privilege is a security concept that states that each user should only have the minimum access strictly necessary to perform their duties. By limiting access rights, the risk of data breaches can be minimized because not everyone has access to sensitive information. If a single account is hacked or an internal error occurs, the impact will not spread throughout the system. Therefore, the principle of least privilege strongly supports confidentiality because it helps ensure that confidential information can only be accessed by authorized parties who truly need that access.
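
The effect described in answer 3 can be measured on a small permission model. The sketch below is an added example, not part of the original assignment; the roles, resources and grants are constructed for illustration around the e-commerce setting of answer 2. It compares which confidential data one compromised account can read under least-privilege grants and under over-broad grants.

```python
"""Added example: least privilege on a constructed e-commerce permission model."""

# Constructed resources; True marks data that must stay confidential.
RESOURCES = {
    "product_catalog": False,
    "order_status": False,
    "customer_addresses": True,
    "payment_cards": True,
}

# Least-privilege grants (assumed roles): only what each duty requires.
LEAST_PRIVILEGE = {
    "content_editor": {"product_catalog": {"read", "write"}},
    "support_agent": {"order_status": {"read"}, "customer_addresses": {"read"}},
    "payment_service": {"payment_cards": {"read", "write"}, "order_status": {"write"}},
}

# Over-broad grants: every role may read and write every resource.
OVER_BROAD = {
    role: {res: {"read", "write"} for res in RESOURCES} for role in LEAST_PRIVILEGE
}

def is_allowed(policy, role, resource, action):
    """Deny by default: permit only an action that is explicitly granted."""
    return action in policy.get(role, {}).get(resource, set())

def confidential_exposure(policy, compromised_role):
    """Confidential resources an attacker can read after taking over one role."""
    return sorted(
        res for res, confidential in RESOURCES.items()
        if confidential and is_allowed(policy, compromised_role, res, "read")
    )

def roles_able_to(policy, resource, action):
    """Roles holding a given right, e.g. who can change product prices."""
    return sorted(r for r in policy if is_allowed(policy, r, resource, action))

def exposure_report(policy):
    """Map each role to the confidential data its compromise would expose."""
    return {role: confidential_exposure(policy, role) for role in policy}

if __name__ == "__main__":
    for name, policy in (("least privilege", LEAST_PRIVILEGE), ("over-broad", OVER_BROAD)):
        print(name)
        for role, exposed in exposure_report(policy).items():
            print(f"  {role}: {exposed or 'no confidential data'}")
        print("  can write payment_cards:", roles_able_to(policy, "payment_cards", "write"))
```

Under the least-privilege grants a hijacked content editor account exposes no confidential data, while under the over-broad grants the same account exposes customer addresses and payment cards.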