@moaaz said in CS205 Assignment 1 Solution and Discussion:
Question No-2:
Consider an online performance evaluation system of a company where its employees enter the daily status of the tasks assigned to them in online sheets available in the system. The sheets are analyzed by the competent authorities of the company on daily basis to evaluate the performance of the employees.
You are required to briefly explain the confidentiality, integrity and availability with the help of example associated with this system.
In your point of view which component of C.I.A. Triangle model will get the highest importance and which component will get the least importance according to above mentioned scenario?
Solution:
Integrity:
An employee always relies on the accuracy of entered data /information. Therefore, use of advanced, efficient technology and proper optimization is necessary to ensure that integrity is maintained and employee’s information is secure. Whenever any employee enters his work progress then that information must remain in its original form otherwise any wrong change in report can create a lot of problems for employees. So, the integrity of data should be safe.
Confidentiality:
The employee must expect the privacy. Confidentiality with the use of evaluation system should be high and there should be surety of maintaining privacy between higher management and employee. To access the performance evaluation system, an employee must enter a security password which is available only to authorized employee of the company. Company also needs to ensure privacy of any employee’s performance report. Proper encryption of data ensures that high level of confidentiality is maintained whereas lack of attention towards the same could lead to breach of data/ information. Moreover, the policy related to changing password after regular intervals will help to keep data and information secure.
Availability:
All employees use evaluation system at the end of day to enter their progress status of the tasks/work, assigned to them. So, if the related interface is not available at the time of entering data, then employees would not be able to enter the information in the system. Consequently, the higher management may perceive that the employee(s) has /have intentionally not entered the required information and may take action in this regard. Furthermore, if the system will not be available specially at the time when most of the employees will be updating their status, then it will make the employees frustrated just because no one want to spend extra hours after the working hours. So the availability of the system is also important.
Part-2:
Integrity and Confidentiality holds the highest importance in this scenario.
The availability of system has less importance from information security point of view.