Buy essay on Impact of loss of CIA:

Question 1. Impact of loss of CIA: www.myminerva.com can be attacked and CIA can be violated. Identify two attacks that can violate each component of the CIA triad. For each loss provide an impact level (low, moderate, high) and justify your answers.
Answer.
The website www.myminerva.com provides software solutions for personal or family health management, with opportunities of storing the data on the flash drive, and using the viewer on mobile devices. There also are solutions for healthcare agents for healthcare providers. Families can store their whole medical history, organizations can maintain emergency health records of their employees, and doctors can manage the history of their patients. The data are stored locally on the patient’s computer and a copy can be stored on the flash drive. The program is protected with a password, to avoid unauthenticated access; it is also possible to set separate passwords for emergency health records.
One of the attacks applicable for this software is the brute force password selection (or password cracking, which is a similar type of attack) at the client’s computer. The attack can be done locally at the client’s computer or remotely, using a botnet for password selection. In both cases, data confidentiality and integrity can be violated: indeed, a trespasser will gain unauthorized access to the data, and can also modify the data, thus violating integrity. If the flash copy is synchronized with the local copy automatically, the damage from this attack can be estimated as high (especially if the patient has different data from different doctors, and the data cannot be recovered from other sources).
Another type of attack might be theft of the flash disk (with consequent password selection or cracking). In this case, confidentiality and availability of data can be violated, especially in emergency cases. The damage caused by this attack can be estimated as moderate because, despite the confidentiality breach, the data can be recovered from the local copy.
Question 2. Analysis of a Security Breach: Probably you have read and heard about vulnerabilities, security breaches, etc. in the media or discussed them in classrooms, cafes, or other sources. For this problem, 1) you need to select a major security breach that happened in 2011, 2) list two of the vulnerabilities, 3) harms caused by the breach, 4) the reasons behind the attack (i.e., MOM), and 5) how it can be prevented in the future. You can use the links from the course website to search for a security breach.
Answer.
In March 2011, there was a large security breach at an online marketing firm (e-mail provider) called Epsilon (Helft, 2011). It is supposed that the breach itself started with a weak configuration of the company’s security system. E-mail addresses (and, for some cases, names) of the customers of large companies were exposed to the hackers. Two vulnerabilities in this case were the following:
1) the intrusion detection system in Epsilon was not properly set up and tuned;
2) the e-mail server security system did not provide adequate protection.
The harms caused by the breach were the following: the breach has created a convenient path for phishing attacks, i.e. hackers received a chance to get commercial and confidential information such as banking details, credit card information and other personal data by sending fake e-mail on behalf of Epsilon customers. Here it should be mentioned that over 50 well-known companies were the clients of Epsilon. The breach also affected customer names, which means that spear-phishing activities could also take place (customers will get a personalized and properly designed e-mails, which increases the risk of successful attack). The reasons behind the attack were the following: method – e-mail server security breach, mostly likely a rootkit and special software was used; opportunity – the servers did not have an effective intrusion detection system, and the security of the database was not maintained properly as well; motive – getting personal data of the customers in order to get access to their confidential and/or financial information.
Such breaches can be prevented in the future by introducing an effective intrusion detection system and setting its alerts properly; also, Epsilon should check its external and internal security perimeters, and analyze managerial components (it is possible that an insider provided confidential information for the breach, although Epsilon did not comment much on the nature of the breach).
Question 3. Preserving CIA: Bank of North Central Indiana has hired you as a security consultant for the project Securing ATMs. For this project your role is to identify the CIA requirements for the ATM machines using examples. You are also required to identify the importance of each requirement. You can use McCumber’s cube for the discussion and solution.
Answer.
From the customer side, ATMs should provide confidentiality, availability and integrity of data, as well as accountability (all network management actions and all service invocations are accountable). Basing on these characteristics, and on the states of information (transmission, storage, processing) and security (education-training-awareness, policy-practices, and technology) measures illustrated by McCumber Cube,it is possible to develop the following set of requirements for the security of ATM machines:
1) Identity verification
2) Control of access and authorization
3) Protection of confidentiality
4) Protection of integrity
5) Accountability reinforcement
6) Logging of activities
7) Alarm reports
8) Security auditing functionality
9) Security recovery
10) Management of security
The first five requirements are of highest importance, since they form the basis of the CIA triad and implement the associated functions. Other five requirements are of moderate importance, because they will consolidate the system and form internal and external security perimeters.

 
References
Helft, Miguel. April 4, 2011. After Breach, Companies Warn of E-Mail Fraud. Available