An accountant in an organization is allowed access to a company's human resources database only to adjust the number of hours that the organization's employees have worked in a fiscal year. However, the accountant modifies an employee's personal information. Which part of the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges (STRIDE) model describes this situation?
Tampering
In this scenario, the accountant has modified an employee's personal information, which constitutes unauthorized alteration of data. Tampering refers to the act of maliciously modifying data in a system, thus breaching the integrity of the information.
Elevation of privilege occurs when a user gains access to resources or permissions beyond what they are authorized to have. In this case, the accountant was allowed to adjust hours but did not gain additional privileges; they simply misused their existing access rights.
Tampering accurately describes the situation, as the accountant altered an employee's personal information without authorization. Tampering involves manipulating data to achieve an unauthorized outcome, which perfectly fits this scenario.
Denial of service refers to an attack that aims to make a system or service unavailable to its intended users, often by overwhelming it with requests. This situation does not involve such an attack; instead, it revolves around unauthorized data modification.
Spoofing involves impersonating another user or device to gain unauthorized access to systems or data. While the accountant acted improperly, they did not impersonate another individual; they simply misused their authorized access to alter information.
The STRIDE model emphasizes various threats to information systems, and in this case, tampering is the most appropriate classification. The accountant's unauthorized modification of employee data illustrates a breach of data integrity, which is a direct example of tampering. Understanding these distinctions helps organizations better safeguard their data against misuse by authorized users.