Please complete below Information Security Incidents and their impacts as relating to CIA?
Is that incident confidentiality, integrity or availability?
And how will you address your incident?

| Incident | CIA area(s) affected | How you address this issue? |
|---|---|---|
| ILOVEYOU Virus | | |
| If your company Information System is accessible intermittently due to heavy traffic | | |
| You are unable to access ATM machine to withdraw cash | | |
| You are able to withdraw cash but receipt information is wrong. | | |
| You are able to access your institute Information System and access your midterm grades but system is very slow. | | |

Brief Introduction to CIA
The CIA triad (also called CIA triangle) is a guide for measures in information security. Information security influences how information technology is used. The measures should protect valuable information, such as proprietary information of businesses and personal or financial information of individual users. Information security teams use the CIA triad to develop security measures. The CIA triad serves as a tool or guide for securing information systems and networks and related technological assets.
The CIA triad is a model that shows the three main goals needed to achieve information security.
These factors are the goals of the CIA triad, as follows:
Confidentiality-
Confidentiality is the protection of information from unauthorized access. This goal of the CIA triad emphasizes the need for information protection. Confidentiality requires measures to ensure that only authorized people are allowed to access the information.
Integrity-
The CIA triad goal of integrity is the condition where information is kept accurate and consistent unless authorized changes are made. It is possible for information to change because of careless access and use, errors in the information system, or unauthorized access and use. In the CIA triad, integrity is maintained when the information remains unchanged during storage, transmission, and usage not involving modification to the information.
Availability-
The CIA triad goal of availability is the situation where information is available when and where it is rightly needed. The main concern in the CIA triad is that the information should be available when authorized users need to access it. Availability is maintained when all components of the information system are working properly. Problems in the information system could make it impossible to access information, thereby making the information unavailable.
INCIDENT -- ILOVEYOU virus
The ILY virus is a worm, and the way it works is that it inflicts damage on the local machine, overwriting random types of files (including Office files, image files, and audio files; however, after overwriting MP3 files the virus hides the file), and sends a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook. So the Confidentiality is compromised. The Integrity is also compromised, as well as the availability of the resources.
On the machine system level, the ILY virus relied on the scripting engine system setting (which runs scripting language files such as .vbs files) being enabled, and took advantage of a feature in Windows that hid file extensions by default, which malware authors would use as an exploit. So proper Anti-Virus and disabling scripting would help against such a threat.
INCIDENT -- If your company Information System is accessible intermittently due to heavy traffic
In this case the heavy traffic can cause the Non-Availability of the resources, but the cause of the heavy traffic is to be determined, to make sure that it is legitimate. Distributed Denial of Service attacks cause the service to go down due to an increase in garbage traffic; in this case the Confidentiality and the Integrity both are compromised.
Since I'm taking into consideration that the company has proper security systems and a firewall installed, there is no threat to the Confidentiality and Integrity.
The heavy traffic is an issue of load-balancing and no proper failover servers have been installed. I would ask the server manager to build a proper load-balancing architecture which will hold the fail-over machines in order to maintain a distributive network.
INCIDENT -- You are unable to access ATM machine to withdraw cash
Here I would consider that the ATM machine is out of cash and is unable to provide service.
In this case I would blame the Availability, keeping in mind the Confidentiality and the Integrity are not compromised.
The ATM manager would have to take responsibility for the cash deposit in order to provide a seamless transaction for the customers.
INCIDENT -- You are able to withdraw cash but receipt information is wrong
Here I would consider a malfunction in the system and then would blame the Integrity; the Confidentiality and the Availability are not compromised.
As I have mentioned in the Integrity section, it is possible for information to change because of careless access and use, errors in the information system, or unauthorized access and use. So in that case the server manager or anyone in charge of authorizing the system should take care that malfunctions do not happen.
INCIDENT -- You are able to access your institute Information System and access your midterm grades but system is very slow
Here I would blame the Availability, keeping in mind the Confidentiality and the Integrity are not compromised. I would not consider any Distributed Denial of Service attack and would probably focus on just network / server lag, due to heavy traffic.
The heavy traffic is an issue of load-balancing and no proper failover servers have been installed; there could even be a network connectivity issue, so I would ask the server manager to check for the fail-over machines in order to maintain a distributive network, and also to see whether the ISP network is working properly or not, and fix the lag.
Please let me know if I missed anything or any point needs proper explanation.
Thanks
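
As an added illustration (not part of the original answer) of the hidden-extension behaviour described for the ILOVEYOU incident, this Python example flags e-mail attachments whose real, final extension is a script type sitting behind a harmless-looking decoy extension. The extension lists, function names and the sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist: extensions Windows will execute as scripts/programs.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".scr", ".bat", ".cmd"}
# Assumed decoys: what the user sees when Explorer hides the last extension.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".mp3", ".xls"}

def classify_attachment(filename):
    """Return 'masked-script', 'script' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "masked-script"   # e.g. name.txt.vbs shown to the user as name.txt
    return "script"

def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every risky attachment in a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        verdict = classify_attachment(fname)
        if verdict != "ok":
            findings.append((fname, verdict))
    return findings

def build_sample():
    """Constructed test message with three attachments (not real traffic)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m.set_content("see attached")
    for fname in ("letter.TXT.vbs", "notes.txt", "macro.js"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict:14} {fname}")
```

A mail gateway would quarantine both verdicts; the `masked-script` case is the one that depends on file extensions being hidden on the recipient's machine.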