John is establishing CIA levels required for a high schools grade server. This server only has grades. It does not have student or faculty private information (such as social security number, address, phone number, etc.). Which of the following CIA levels will be used by John?
A.
Confidentiality = moderate, integrity = moderate. Availability = high
B.
Confidentiality = low, Integrity = moderate, Availability = low
C.
Confidentiality = high. Integrity = moderate, Availability = moderate
D.
Confidentiality = high. Integrity = high, Availability = high
Explanation:
Confidentiality is not critical here. If data is released, there is no significant negative consequences. Accidental or purposeful changes to grades are the most significant threat to this system. This means that integrity is critical. Finally the availability is not a major issue. If the system is down for a short time, there is no critical impact.Answer option C is incorrect. There is no need for high confidentiality or for moderate availability.
Answer option D is incorrect. Certainly a grade server does not require all three CIA factors to be high. The data is not highly confidential and the availability is not critical.
Answer option A is incorrect. Moderate integrity is necessary, but moderate confidentiality is not. And it is absolutely unnecessary to have high availability.