SRA111 Class Exercise Topic 1 Applying CIA In

  • Slides: 5
Download presentation
SRA-111 Class Exercise Topic 1 Applying CIA

SRA-111 Class Exercise Topic 1 Applying CIA

In your teams: • examine the issues of confidentiality, Integrity and Security for the

In your teams: • examine the issues of confidentiality, Integrity and Security for the type of system you are given. • Consider the purpose of the system, the nature of the data, and the nature of the user. • Explain the possible threats and vulnerabilities. • Explain possible controls.

Summarize in a set of bullets in a Word document and post to the

Summarize in a set of bullets in a Word document and post to the discussion forum provided for this exercise. Some teams will present in class as time allows.

Example: Google’s Web Search Engine • Confidentiality important so people do not know what

Example: Google’s Web Search Engine • Confidentiality important so people do not know what other people are searching for, would violate privacy. Police might look at a suspect’s searches to gather evidence that they had conspired to commit a crime. Control: requiring warrant before revealing search stats. • Integrity important to avoid being directed to malware sites, also if search does not have much integrity who would use it? What good is an inaccurate search or a search that directs you to a dangerous site. Control: site ratings. • Availability is important – if you are doing research for school or work you need the system now – not later. Control: multiple online points of entry to handle load and avoid impact of DOS attacks.

Team assignments: • Copper -- Penn State Canvas System • Gold – Penn State

Team assignments: • Copper -- Penn State Canvas System • Gold – Penn State Lion Path • Iron – Google Gmail • Mercury -- Facebook • Platinum – Online banking system for PNC • Silver - Netflix • Nickel - Amazon • Uranium – Web. MD • Aluminum – Match. com • Boron – Weather. com • Plutonium - Tumbler