ISSC452_Week1_Discussion.docx

School: American Military University
Course: 452
Subject: Information Systems
Date: Jan 9, 2024
Uploaded by fighters18j

Hello everyone,

Confidentiality: Confidentiality includes encryption, access controls, and secure communication between the Automated Teller Machine (ATM) and any outside source it needs to communicate with. As the PCI Security Standards Council (2018) states, data transferred over the network or wirelessly is protected against disclosure with adequately strong mechanisms and is encrypted. Newer ATMs are using Advanced Encryption Standard (AES) encryption. Many older machines still use Triple Data Encryption Standard (DES), as their hardware or software may not support AES. Triple DES is more vulnerable to being hacked due to lower performance rates, and it has fewer bits, at 168, than AES, at 256.

Integrity: This ensures that the ATM data and transactions are correct, complete, and have not been altered or changed. This is done by using secure communication protocols to prove the authenticity of the data. As the PCI Security Standards Council (2018) states, data communicated between the interfaces within the ATM is secured. These same interfaces will not accept connection requests from unauthorized sources.

Availability: Financial institutions must always have their ATMs up. Most banks reduce this risk by having more than one at a location. Maintenance companies are also hired to come out for service at any time to resolve these issues as they arise. The idea of availability and all necessary planning, such as fault-tolerant systems and backup power options, must be in place to ensure the network resource can maintain operations.

The ATM has tools that cover all three principles of the CIA triad. It provides confidentiality by requiring two-factor authentication (both a physical card and a PIN code) before allowing access to data. The ATM and bank software enforce data integrity by ensuring that any transfers or withdrawals made via the machine are reflected in the accounting for the user's bank account. Finally, it ensures availability by providing uninterrupted access to banking services 24/7.

Confidentiality - Encryption: Under the umbrella of confidentiality, I would be concerned about the ATMs still in use that cannot update to AES encryption, as they are more vulnerable to being breached. An ATM Black Box was created, and an attack was initiated in a lab (Chandrasekran et al., 2022). With access to the dispenser controller's USB port, an attacker can install an outdated firmware version with old encryption keys, bypassing the encryption and making a cash withdrawal.

John Caldwell

References:

Chandrasekran, Y., Ramachandiran, C. R., & Arun, K. C. (2022, April). Adoption of Future Banking Using Biometric Technology in Automated Teller Machine (ATM). In 2022 IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE) (pp. 1-4). IEEE.

PCI Security Standards Council. (2018). Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures, Version 3.2.1.
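
A defensive check against the firmware downgrade described in the post, as an added example that is not part of the original post: an authentic but outdated image passes the authenticity check, so the controller must also compare the image's version against a stored minimum. The image layout, key, and names (`build_image`, `Dispenser`) are constructed for illustration, and HMAC stands in for a vendor signature.

```python
import hashlib
import hmac
import struct

# Constructed demo key. Assumption: a real dispenser controller would verify
# an asymmetric vendor signature instead of a shared-key HMAC.
VENDOR_KEY = b"constructed-demo-key"
HEADER = struct.Struct(">4sI")  # hypothetical layout: magic, security version
MAC_LEN = hashlib.sha256().digest_size


def build_image(security_version: int, payload: bytes) -> bytes:
    """Build a constructed firmware image: header + payload + auth tag."""
    body = HEADER.pack(b"FWIM", security_version) + payload
    return body + hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()


class Dispenser:
    """Hypothetical controller with an anti-rollback ratchet."""

    def __init__(self, min_version: int):
        # Models a monotonic counter held in tamper-resistant storage.
        self.min_version = min_version

    def install(self, image: bytes) -> str:
        if len(image) < HEADER.size + MAC_LEN:
            return "rejected: truncated image"
        body, tag = image[:-MAC_LEN], image[-MAC_LEN:]
        expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
        # Authenticity first, compared in constant time.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad authentication tag"
        magic, version = HEADER.unpack_from(body)
        if magic != b"FWIM":
            return "rejected: bad magic"
        # An old image is still authentic, so authenticity alone cannot stop
        # a downgrade; the version floor is what rejects it.
        if version < self.min_version:
            return "rejected: rollback"
        self.min_version = version  # ratchet forward, never backward
        return "installed"


if __name__ == "__main__":
    atm = Dispenser(min_version=5)
    print(atm.install(build_image(3, b"old firmware")))
    print(atm.install(build_image(6, b"new firmware")))
```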