
1st long) How can the CIA triad (Confidentiality, Integrity, Availability) be applied during the Security SDLC in the development of a mobile banking app? Provide examples of how each principle can be integrated into the app's security measures throughout the development lifecycle?

The CIA Triad stands for Confidentiality, Integrity, and Availability. These are the three main goals of cybersecurity. They are very important during the Security Software Development Life Cycle (SDLC), especially when creating something sensitive like a mobile banking app. These three principles help make sure the app is safe, trustworthy, and always working properly for users. Let’s see how each one is used during the development process, with examples.


Confidentiality

Confidentiality means keeping users' personal and financial information private, so that only authorized people can see it. In a mobile banking app this includes usernames, passwords, account numbers, and transaction details. During the planning and design stages, developers decide which data needs protection and how to protect it, and they use encryption so the data is unreadable both when it is stored and when it is sent across the internet. In the development stage, they add authentication features such as passwords, PINs, or fingerprints so that only the correct user can access the app. In the testing stage, they check whether anyone can reach the data without permission. During deployment, the app is distributed through trusted app stores and uses HTTPS so data stays protected in transit. For example, when a user checks their account balance, encryption makes sure no one else can read that data on its way to their phone.


Integrity

Integrity means keeping the data correct and unchanged unless the user or another authorized person updates it. In the design phase, developers use hash functions and digital signatures to detect any change made to the data without permission. During development, they build the app so that every transaction, such as a money transfer, is validated properly. For example, if someone sends $500, the app must not allow anyone to change that amount to $5,000. In the testing stage, developers look for bugs or weaknesses that could let someone alter the data. Later, during maintenance, they review logs and records to spot anything unusual. By protecting data integrity, the app earns users' trust because their financial data stays safe and accurate.
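As an added illustration of the transfer-amount check described above (this code is not from the original post), the Python snippet below tags each transfer request with an HMAC-SHA-256 computed over a canonical JSON encoding, so that a $500 transfer altered to $5,000 after signing no longer verifies. The shared session key, the field names and the sample values are assumptions made for the example.

```python
"""Integrity tag for a mobile-banking transfer request (added example).

Assumptions, not from the original post: the app and the bank backend
share a per-session secret, and every transfer request travels with an
HMAC-SHA-256 tag over a canonical JSON encoding of the request.
"""
import hashlib
import hmac
import json

# Constructed demo key; a real deployment derives a fresh key per session.
SESSION_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(tx: dict) -> bytes:
    # Sorted keys and no whitespace, so app and backend hash identical bytes
    # regardless of how each side happens to lay out the JSON.
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign_transfer(tx: dict, key: bytes = SESSION_KEY) -> str:
    """Return the hex HMAC-SHA-256 tag the app attaches to the request."""
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def verify_transfer(tx: dict, tag: str, key: bytes = SESSION_KEY) -> bool:
    """Backend-side check: recompute the tag and compare in constant time."""
    expected = sign_transfer(tx, key)
    # compare_digest avoids leaking how many tag bytes matched via timing.
    return hmac.compare_digest(expected, tag)


def tamper_demo() -> tuple:
    """Return (original_ok, tampered_ok) for a constructed transfer."""
    original = {"from": "ACC-1001", "to": "ACC-2002",
                "amount_cents": 50000, "tx_id": "demo-0001"}
    tag = sign_transfer(original)
    # Someone rewrites $500 as $5,000 after the app signed the request.
    tampered = dict(original, amount_cents=500000)
    return verify_transfer(original, tag), verify_transfer(tampered, tag)


if __name__ == "__main__":
    print(tamper_demo())  # (True, False)
```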


Availability

Availability means making sure the app is working and ready whenever users need it. This is very important for banking apps because users need to check balances, transfer money, or pay bills at any time. During the planning phase, developers think about possible problems such as high traffic or system failures. In the design phase, they include backup servers and cloud storage so the app keeps working even if one component breaks. In the development stage, the app is built to handle errors without crashing. In testing, they run load tests to check how well the app performs when many people use it at once. During maintenance, the team monitors the app continuously and protects it from attacks such as DDoS, which try to take the app down. For example, even if thousands of people use the app at the same time, it should still work properly, and if one server fails, another should take over.


Conclusion

In short, the CIA Triad helps build a secure and reliable mobile banking app during every stage of the Security SDLC. Confidentiality keeps personal data private, Integrity makes sure the data is correct and not changed, and Availability ensures the app is always working for the users. These three ideas work together to make sure the app is safe, trustworthy, and useful.
