BD308 – Cyber Security – Rafel Yaputra – 2581497989

Module Question 2

 

  1. Provide a real-world business example for a failure in Confidentiality, Integrity, and Availability?
  2. How might an e-commerce website prioritize one aspect of the CIA triad over the others for its product pages versus its payment processing system?
  3. Explain the principle of “least privilege” and how it supports confidentiality?

 

 

status: 100% mengerjakan tugas

keterangan: sudah mengerjakan  tugas dengan benar.

bukti

 

 

1.

1. Confidentiality Failure

Example: Equifax Data Breach (2017)

What happened:
Hackers exploited a web application vulnerability and accessed sensitive personal data of approximately 147 million people.

What was compromised:

  • Social Security numbers

  • Birth dates

  • Addresses

  • Driver’s license numbers

Business impact:

  • Massive reputational damage

  • Over $1 billion in fines, settlements, and remediation costs

  • Loss of customer trust

Why this is a confidentiality failure:
Sensitive information was exposed to unauthorized parties.

2. Integrity Failure

Example: Volkswagen Emissions Scandal (2015)

What happened:
Volkswagen installed software in diesel vehicles to manipulate emissions test results, making cars appear environmentally compliant when they were not.

What was compromised:

  • Accuracy and truthfulness of emissions data

  • Reliability of reporting systems

Business impact:

  • Over $30 billion in fines and settlements

  • Criminal charges

  • Severe brand damage

Why this is an integrity failure:
Data and system outputs were intentionally altered, meaning the information could not be trusted.

3. Availability Failure

Example: Colonial Pipeline Ransomware Attack (2021)

What happened:
A ransomware attack forced Colonial Pipeline to shut down fuel distribution operations across the U.S. East Coast.

What was affected:

  • Fuel supply operations

  • Distribution systems

  • Business continuity

Business impact:

  • Fuel shortages

  • Panic buying

  • Millions in financial losses

   2.

Product Pages

 

Priority: Availability

  • Pages must load quickly and stay online.

  • Downtime = lost sales and poor user experience.

  • Some caching is acceptable even if data is slightly delayed.

Why?
If customers can’t access products, the business makes no revenue.

Secondary focus:

  • Integrity (accurate prices & descriptions)

  • Lower emphasis on Confidentiality (information is public).

 

 Payment Processing System

Priority: Confidentiality (and Integrity)

  • Credit card numbers and personal data must be protected.

  • Transactions must be accurate and not altered.

  • Strong encryption and security controls are critical.

Why?
A breach or incorrect transaction can cause legal penalties, fraud, and loss of trust.

3.

 Principle of Least Privilege (PoLP)

The Principle of Least Privilege means that users, employees, applications, and systems are given only the minimum level of access necessary to perform their job functions—nothing more.

In simple terms:

If someone doesn’t need access to certain data or systems to do their job, they shouldn’t have it

Business Example

In an e-commerce company:

  • A customer service representative can view order details but cannot access full credit card numbers.
  • A warehouse employee can update shipping status but cannot modify pricing.
  • A marketing staff member can access campaign analytics but not payroll records.

Each role has limited, job-specific access

 How Least Privilege Supports Confidentiality

Confidentiality is about protecting sensitive information from unauthorized access. Least privilege strengthens confidentiality in several ways:

 Reduces Data Exposure

Fewer people can access sensitive information, lowering the risk of leaks.

 Limits Damage from Cyberattacks

If a hacker compromises a low-level account, they cannot access highly sensitive data because permissions are restricted.

 Prevents Insider Threats

Employees cannot intentionally or accidentally access data outside their responsibility.

 Minimizes Human Error

Limiting access reduces the chance of accidental data deletion, sharing, or misuse.

 Summary

The principle of least privilege protects confidentiality by:

  • Restricting access to sensitive information
  • Minimizing internal and external risks
  • Reducing the impact of security breaches

In short:

Less access = Less opportunity for data exposure.

Previous Post Previous Post
Newer Post Newer Post

Leave a comment