Module Question 2
- Provide a real-world business example for a failure in Confidentiality, Integrity, and Availability?
- How might an e-commerce website prioritize one aspect of the CIA triad over the others for its product pages versus its payment processing system?
- Explain the principle of “least privilege” and how it supports confidentiality?
status: 100% mengerjakan tugas
keterangan: sudah mengerjakan tugas dengan benar.
bukti
1.
1. Confidentiality Failure
Example: Equifax Data Breach (2017)
What happened:
Hackers exploited a web application vulnerability and accessed sensitive personal data of approximately 147 million people.
What was compromised:
-
Social Security numbers
-
Birth dates
-
Addresses
-
Driver’s license numbers
Business impact:
-
Massive reputational damage
-
Over $1 billion in fines, settlements, and remediation costs
-
Loss of customer trust
Why this is a confidentiality failure:
Sensitive information was exposed to unauthorized parties.
2. Integrity Failure
Example: Volkswagen Emissions Scandal (2015)
What happened:
Volkswagen installed software in diesel vehicles to manipulate emissions test results, making cars appear environmentally compliant when they were not.
What was compromised:
-
Accuracy and truthfulness of emissions data
-
Reliability of reporting systems
Business impact:
-
Over $30 billion in fines and settlements
-
Criminal charges
-
Severe brand damage
Why this is an integrity failure:
Data and system outputs were intentionally altered, meaning the information could not be trusted.
3. Availability Failure
Example: Colonial Pipeline Ransomware Attack (2021)
What happened:
A ransomware attack forced Colonial Pipeline to shut down fuel distribution operations across the U.S. East Coast.
What was affected:
-
Fuel supply operations
-
Distribution systems
-
Business continuity
Business impact:
-
Fuel shortages
-
Panic buying
-
Millions in financial losses
2.
Product Pages
Priority: Availability
-
Pages must load quickly and stay online.
-
Downtime = lost sales and poor user experience.
-
Some caching is acceptable even if data is slightly delayed.
Why?
If customers can’t access products, the business makes no revenue.
Secondary focus:
-
Integrity (accurate prices & descriptions)
-
Lower emphasis on Confidentiality (information is public).
Payment Processing System
Priority: Confidentiality (and Integrity)
-
Credit card numbers and personal data must be protected.
-
Transactions must be accurate and not altered.
-
Strong encryption and security controls are critical.
Why?
A breach or incorrect transaction can cause legal penalties, fraud, and loss of trust.
3.
Principle of Least Privilege (PoLP)
The Principle of Least Privilege means that users, employees, applications, and systems are given only the minimum level of access necessary to perform their job functions—nothing more.
In simple terms:
If someone doesn’t need access to certain data or systems to do their job, they shouldn’t have it
Business Example
In an e-commerce company:
- A customer service representative can view order details but cannot access full credit card numbers.
- A warehouse employee can update shipping status but cannot modify pricing.
- A marketing staff member can access campaign analytics but not payroll records.
Each role has limited, job-specific access
How Least Privilege Supports Confidentiality
Confidentiality is about protecting sensitive information from unauthorized access. Least privilege strengthens confidentiality in several ways:
Reduces Data Exposure
Fewer people can access sensitive information, lowering the risk of leaks.
Limits Damage from Cyberattacks
If a hacker compromises a low-level account, they cannot access highly sensitive data because permissions are restricted.
Prevents Insider Threats
Employees cannot intentionally or accidentally access data outside their responsibility.
Minimizes Human Error
Limiting access reduces the chance of accidental data deletion, sharing, or misuse.
Summary
The principle of least privilege protects confidentiality by:
- Restricting access to sensitive information
- Minimizing internal and external risks
- Reducing the impact of security breaches
In short:
Less access = Less opportunity for data exposure.
