CS205 Information Security Assignment 01 Fall 2020 Solution / Discussion Due Date: 26-11-2020

Question No. 1                                                                     [Marks: 10]Question No. 1                                                                     [Marks: 10]
Suppose you are attempting the exam for the post of Information Security Engineer in the ABC organization. During the exam, you are given the following real life scenarios associated with  the three main pillars of informing security (C.I.A) : Suppose fifty cancer patient's treatment is being carried out by Dr. Ali in the well-reputed cancer hospital in Lahore. All the medical information of those patients is stored in the table of the hospital’s database system. Dr. Ali suggests medicine to the patients on the basis of patient’s relevant information stored in the database. If another doctor who has also legal rights to access this table of the database, unintentionally changes the information that can mislead the patient treatment.CSS Exam’s applicants are checking their results online through the FPSC website but the FPSC website takes too much time to load.The AZB limited Bank makes a plan for launching a new offer for capturing customers in a market but this plan leaked to its competitors.A bank’s ATM is not responding due to general backend server error.If a renowned shoe brand’s prices and specifications available on online shopping stores are changed by an unauthorized person.If you are replying to the messages of your friend, then it should be received in the original form as it is sent by you.Upon the last date of applying for the online job application, the related website is not responding due to some technical problems which makes the candidates unable to submit their job application on time.Student’s board results information (Marks, CGPA) is considered very important and it should be available only for that specific student and their parents rather than other class students.A developer’s salary slip in the software house should not be visible to any other developer.Student’s semester grades are posted on the class Facebook group by some unauthorized student.After carefully reading and analyzing the above-mentioned scenarios and fill the following table: Scenario. No Associated C.I.A security component Scenario. No Associated C.I.A security component    1 Confidentiality 6 Integrity    2 Integrity 7 Integrity    3 Availability 8 Confidentiality    4 Availability 9 Availability    5 Confidentiality 10 Confidentiality  
Solution: 
Question No. 2                                                                                                                                          [Marks: 10]
You are required to carefully study the OSI security architecture and then identify and relate the following daily life scenarios with security services provided by OSI: 
A Hotel front desk information officer is given the right to add visitor data on daily basis into the hotel database. He may be allowed to edit the information later on when required but not allowed to delete the record of any visitor.A bank’s regular customer sends an online query to the bank’s head office to know about his closing balance after ten weekly transactions and he should receive the same balance amount as sent by bank authorities.Mr. Hamza transfer $15000 to Car Company’s bank account through an online banking service for purchasing the new car. Both the bank and the user should be guaranteed in the identities of each other.A bank’s cash officer may be allowed to see just customer profile, but not allowed to make any changes in the customer profile information.A bank’s client withdraws Rs. 25000 from his bank account, but after some days he denied that he made the transaction. How the bank can handle such a situation?Note: You are required to provide your answer in the table given below:

Question No. 2 [Marks: 10]

You are required to carefully study the OSI security architecture and then identify and relate the following daily life scenarios with security services provided by OSI:

A Hotel front desk information officer is given the right to add visitor data on daily basis into the hotel database. He may be allowed to edit the information later on when required but not allowed to delete the record of any visitor.
A bank’s regular customer sends an online query to the bank’s head office to know about his closing balance after ten weekly transactions and he should receive the same balance amount as sent by bank authorities.
Mr. Hamza transfer $15000 to Car Company’s bank account through an online banking service for purchasing the new car. Both the bank and the user should be guaranteed in the identities of each other.
A bank’s cash officer may be allowed to see just customer profile, but not allowed to make any changes in the customer profile information.
A bank’s client withdraws Rs. 25000 from his bank account, but after some days he denied that he made the transaction. How the bank can handle such a situation?
Note: You are required to provide your answer in the table given below: