INFO5301 Information Security Management
Confidentiality: because data is stored on a server which is accessible by all users. Furthermore,
data is not encrypted. This violates the requirement of confidentiality that only
authorised users can access the data.
Integrity: because anyone who can access the subfolders can see the data in the clear and make
changes to it. The user can also delete the paychecks in each subfolder. This violates the
requirement of integrity that data needs to be accurate and complete.
Availability: as some paychecks were deleted, they become unavailable when needed. Thus
the availability requirement is not satisfied.
Duration: 15 min
Exercise 9:
In the banking industry, a range of online services are now available to assist customers with
business banking needs. Discuss the potential security risks of online banking services.
Answer:
The following items are potential risks that a bank must be aware of:
• Loss of data: Online theft of customer’s Access Code/User ID/Username, PIN/Password
• Human interaction: Customers accidentally access their Online Banking accounts through
hyperlinks in e-mails, pop-up windows, or search engines.
• Inside and outside attacks: Virus attacks, hacking, unauthorized access and fraudulent
transactions
• Misuse of data: Sharing customer’s information with third parties
Duration: 15 min