Understanding Information Security Risks

This document contains an assignment submission for an Introduction to Information Security course. It includes definitions of threat, vulnerability, and risk. It also discusses the concepts of confidentiality, integrity, and availability in the context of ATM security. Finally, it defines unethical behavior and ethics, and discusses the role of information security teams in enforcing policy and training to deter unethical and illegal activities and protect organizational systems.

UNIVERSITY OF ZIMBABWE

Faculty of Computer Engineering Informatics and Communications


Department of Computer Science

HCF103 INTRODUCTION TO INFORMATION SECURITY


ASSIGNMENT 1

NAME: MARVELLOUS RUDO MAKUWE

REG NUMBER: R195770M

PROGRAM: HCF

1(a)(i). A threat is a potential cause of an incident, which may be natural, unintentional or intentional, resulting in harm to a system or organization. For instance, in a system that allows weak passwords, an intruder can exploit the password weakness to break into the system. An angry employee is also a threat to a company.

(ii). A vulnerability is a weakness of a resource or a group of assets that can be exploited by one or more threats. For example, a password is vulnerable to dictionary or exhaustive key attacks. A software bug is also a vulnerability.

(iii). Risk is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. For instance, in a system that allows weak passwords, the resources within the system are prone to illegal access, modification or damage by the intruder. Financial losses in a company are also a risk.
(b).
Confidentiality: To use a debit or credit card one must enter a security password (PIN) which is available only to authorized users and is aimed at further enhancing the level of security. It is the responsibility of the end user to keep the PIN of the respective card secret and to choose a strong PIN. Banks also need to ensure privacy whenever communication is happening between the ATM and the bank server, to prevent hacking. The entire transaction needs to be properly secured so as to avoid any kind of harm, such as hackers cracking card PINs and gaining access (Ajaykumar & Kumar, 2013). Proper encryption of the PIN ensures that a high level of confidentiality is maintained, while lack of attention to this could lead to a breach of data or customer information. Moreover, a policy of changing the PIN at regular intervals will help boost customer confidence and keep data and information secure.
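The following is an added example, not part of the assignment above: it shows the bank-side controls that the paragraphs on weak passwords (1(a)) and strong PINs (1(b)) call for. A PIN policy rejects the values a dictionary or exhaustive attack tries first, only a salted PBKDF2 verifier is stored rather than the PIN, and a lockout counter bounds guessing. The blocklist, attempt limit and iteration count are constructed demo values.

```python
import hashlib
import hmac
import os

# Constructed demo blocklist standing in for a dictionary-attack wordlist
# (assumption: a real deployment checks against a far larger corpus).
WEAK_PINS = {"0000", "1111", "1234", "4321", "2580", "1212"}
MAX_ATTEMPTS = 3          # lockout threshold (assumed policy value)
ITERATIONS = 100_000      # PBKDF2 work factor (assumed policy value)


def pin_policy_ok(pin: str) -> bool:
    """Reject PINs that a dictionary or exhaustive attack would try first."""
    if not (4 <= len(pin) <= 6) or not pin.isdigit():
        return False
    if pin in WEAK_PINS or len(set(pin)) == 1:        # blocklist, repeated digit
        return False
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps not in ({1}, {-1})                     # ascending/descending run


def enroll(pin: str) -> dict:
    """Store only a salted PBKDF2 verifier, never the PIN itself."""
    if not pin_policy_ok(pin):
        raise ValueError("PIN does not meet policy")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "failures": 0, "locked": False}


def verify(record: dict, pin: str) -> bool:
    """Check a PIN attempt; lock the record after MAX_ATTEMPTS failures."""
    if record["locked"]:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), record["salt"], ITERATIONS)
    if hmac.compare_digest(candidate, record["digest"]):   # constant-time compare
        record["failures"] = 0
        return True
    record["failures"] += 1
    if record["failures"] >= MAX_ATTEMPTS:
        record["locked"] = True
    return False
```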

Integrity: The use of advanced, efficient technology and proper optimization and collaboration of ATMs is necessary to ensure their integrity is maintained and customers' information is secure. For both withdrawals and deposits, systems must be updated chronologically with authentic data, without affecting the customer's account in any other manner. Withdrawals of money should be reflected as debits on the account, and deposits of funds should result in credits to the account. Moreover, a section or committee should be set up to handle customer queries related to account mismatches arising from ATM use.
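As an added example (not from the assignment), the chronological, authentic transaction record described above can be modelled as a MAC-chained ledger: each withdrawal or deposit is recorded in order, its MAC covers the previous entry's MAC, and a reconciliation routine tells a customer-query committee whether a reported mismatch comes from a tampered record or from an account balance that disagrees with the ledger. The key and entries are constructed demo values; amounts are integer cents.

```python
import hashlib
import hmac

# Assumed bank-side MAC key for this demo; in a real bank it would be held in an
# HSM and never appear in application code.
LEDGER_KEY = b"constructed-demo-key-not-for-production"


def _mac(prev_mac: bytes, ts: str, kind: str, amount: int) -> bytes:
    """MAC the entry together with its predecessor's MAC, so editing, deleting
    or reordering any entry breaks every MAC after it."""
    msg = prev_mac + f"|{ts}|{kind}|{amount}".encode()
    return hmac.new(LEDGER_KEY, msg, hashlib.sha256).digest()


def append_entry(ledger: list, ts: str, kind: str, amount: int) -> None:
    """Record a withdrawal (debit) or deposit (credit); timestamps are ISO-8601
    UTC strings, which sort chronologically as plain text."""
    if kind not in ("withdrawal", "deposit") or amount <= 0:
        raise ValueError("invalid entry")
    if ledger and ts < ledger[-1]["ts"]:
        raise ValueError("entry is out of chronological order")
    prev = ledger[-1]["mac"] if ledger else b""
    ledger.append({"ts": ts, "kind": kind, "amount": amount,
                   "mac": _mac(prev, ts, kind, amount)})


def verify_chain(ledger: list) -> bool:
    """Recompute every MAC from the stored fields; tampering yields False."""
    prev = b""
    for e in ledger:
        if not hmac.compare_digest(e["mac"], _mac(prev, e["ts"], e["kind"], e["amount"])):
            return False
        prev = e["mac"]
    return True


def balance_from(ledger: list, opening: int) -> int:
    """Apply entries in order: withdrawals debit, deposits credit."""
    bal = opening
    for e in ledger:
        bal += e["amount"] if e["kind"] == "deposit" else -e["amount"]
    return bal


def reconcile(ledger: list, opening: int, account_balance: int) -> str:
    """Triage a customer 'my balance is wrong' query."""
    if not verify_chain(ledger):
        return "ledger tampered"
    if balance_from(ledger, opening) != account_balance:
        return "balance mismatch"
    return "consistent"
```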

Availability: The number of ATMs should increase depending on customer demand, and they should be frequently replenished with cash to provide accurate services. While an ATM which is out of service could lead to customer dissatisfaction, an ATM that provides accurate services could attract more and more customers.

3. Unethical behaviors are immoral actions that are contrary to moral principles, such as cheating on exams or plagiarizing someone's ideas or article and claiming it as your own, whereas ethics are based on cultural mores, the relatively fixed moral attitudes or customs of a society or group. Three basic security concepts important to information on the internet are confidentiality, integrity, and availability. Concepts relating to the people who use that information are authentication, authorization, and nonrepudiation. The information security team and staff are responsible for deterring unethical and illegal behaviors and acts by enforcing and using policy, training, education and technology as controls to protect the organization's information and systems. Many information security specialists understand the technological means of data and information protection, but many underestimate the value of law and policy (Management of Information Security, 2017, p. 70). For instance, according to Jawad Ahmed, Uber suffered a possible cyberattack on the afternoon of 16 September 2022, with an allegedly 18-year-old hacker downloading vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. This means that laws, policies and technical controls, together with the fear of penalty and the probability of the penalty being administered, should be put in place by states to prevent such illegal behavior.
