Given the above definitions, the most important features would be Confidentiality, Access Control, Integrity and Availability. These few were selected because the business is an online magazine, and because a good designer should be able to derive the others. It was also stated that the user will be required to choose a username and password, so access control was mandatory.
Confidentiality is essential to the online magazine because the same amount of consideration given to the magazine must be given to the customer. From the customer’s point of view, you do not want to subscribe to a business where someone else, whether within ...
A user needs to be sure that he is getting the content that he paid for, and the company needs to make sure the right content is in fact going to the right person. Imagine a user subscribes to the magazine and some weeks later tries to log in and cannot, because the username and password fail authentication: someone at the magazine updated customer information in bulk and changed the client-access information for that particular customer. The magazine should have a response in place to either detect changes in information or restore information they receive. Suppose it was not site access but site content that was modified. When the customer complains, there must be a way for the magazine to check whether or not they did in fact send the correct information and whether or not the customer received the correct information. This is where a fault in integrity can derive a need for Non-repudiation: in this case the customer can prove, and the magazine can accept or deny, that a given transmission did or did not occur.
A customer must be granted, at any given time, access to the content he is paying for, by ensuring that software and hardware work harmoniously. This includes sufficient bandwidth and processing power, proper backup and recovery options, and upgrades where necessary.
However, just because someone has the right username and password to access the site, we should not rely only on the availability provided by access control.
For instance, suppose someone who writes a blog decides to post his subscription credentials on his blog, giving all readers access to the site content, and later denies doing this. You must be able to determine how much traffic is generated from which account and be able to prove it. Here is another instance of non-repudiation, and an instance of accountability coming to the forefront.
From the explanations above, the three suggested most important are Confidentiality, Integrity and Accessibility, with Access Control being important because it is necessary for the site to function, and accountability and non-repudiation being least important because they can be derived with a good design plan. All of the above features are important and necessary; they are sorted only by how critical the consequences would be if the features chosen as most important were omitted, compared with those selected as least important.
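The per-account traffic accounting described above can be sketched as follows. This is an added example, not part of the original essay; the log format, the sample lines, the function names and the threshold of three distinct IP addresses per hour are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log: timestamp, account, client IP, bytes served.
SAMPLE_LOG = """\
2024-03-01T09:00:05 alice 198.51.100.7 48211
2024-03-01T09:02:41 blogger 203.0.113.10 51200
2024-03-01T09:03:02 blogger 203.0.113.44 51200
2024-03-01T09:05:19 blogger 198.51.100.23 51200
2024-03-01T09:11:57 alice 198.51.100.7 10240
2024-03-01T09:20:30 blogger 192.0.2.81 51200
2024-03-01T18:45:00 alice 192.0.2.9 20480
"""

def parse(log_text):
    """Yield (time, account, ip, bytes) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def account_report(log_text, window=timedelta(hours=1), max_ips=3):
    """Per account: requests, bytes, and peak distinct IPs in any sliding window."""
    events = defaultdict(list)
    for ts, account, ip, size in parse(log_text):
        events[account].append((ts, ip, size))
    report = {}
    for account, rows in events.items():
        rows.sort()
        peak, start = 0, 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            peak = max(peak, len({ip for _, ip, _ in rows[start:end + 1]}))
        report[account] = {
            "requests": len(rows),
            "bytes": sum(size for _, _, size in rows),
            "peak_ips": peak,
            "shared": peak > max_ips,  # more IPs than one subscriber plausibly uses
        }
    return report

if __name__ == "__main__":
    print(account_report(SAMPLE_LOG))
```

An account that changes address once during the day, like `alice` here, is not flagged, because the two addresses never fall inside the same one-hour window.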
Security On A Login Page
Two features that could increase security at the login page of the website are
• Imposed password policy