assignment 2 – BD308 – Cyber Security – Genap 25/26 – fazri akirman – 2581485145

pertanyaan:

  1. Provide a real-world business example for a failure in Confidentiality, Integrity, and Availability?
  2. How might an e-commerce website prioritize one aspect of the CIA triad over the others for its product pages versus its payment processing system?
  3. Explain the principle of “least privilege” and how it supports confidentiality?

status:100%

keterangan:done

bukti:

 

  1. Failures in Confidentiality, Integrity, and Availability demonstrate how critical information security is to modern businesses. The Equifax data breach illustrates a breakdown in confidentiality, where sensitive customer information was exposed to unauthorized parties, resulting in legal penalties and loss of public trust. The Volkswagen emissions scandal represents a failure of integrity, as data was deliberately manipulated, undermining accuracy, transparency, and corporate credibility. Meanwhile, the IT system outage experienced by British Airways highlights an availability failure, where essential services became inaccessible, causing operational disruption and financial losses. Together, these cases show that weaknesses in any component of the CIA Triad can lead to severe financial, legal, and reputational consequences, emphasizing the importance of strong cybersecurity and governance practices in business operations.
  2. In an e-commerce environment, the prioritization of the CIA Triad depends on the function of the system being protected. For product pages, Availability is the highest priority because customers must be able to access and browse products at all times; downtime directly results in lost sales and reduced customer satisfaction. Integrity is also important to ensure accurate pricing and product information, while confidentiality is relatively less critical since most product data is public. In contrast, for the payment processing system, Confidentiality and Integrity become the top priorities because sensitive financial information must be protected from unauthorized access and transactions must remain accurate and untampered. Although availability remains important in both cases, the protection of financial data and transaction accuracy is more critical in payment systems, demonstrating that security priorities must align with business risk and system function.
  3. The principle of “least privilege” states that users, systems, and applications should be granted only the minimum level of access necessary to perform their specific tasks—no more and no less. By limiting access rights, organizations reduce the risk of unauthorized data exposure, whether caused by human error, insider threats, or compromised accounts. When individuals can only access information essential to their roles, sensitive data remains restricted to those with legitimate needs, thereby minimizing potential data leaks or misuse. In this way, the principle of least privilege directly supports confidentiality by ensuring that private and critical information is accessible only to authorized parties and protected from unnecessary or excessive access.

Previous Post Previous Post
Newer Post Newer Post

Leave a comment