Examples of IT Security Risks and University Impact
This table includes examples for each of the four IT security objectives at each of the three levels of risk.
| Low | Moderate | High | |
| Confidentiality | Disclosure of course offerings before the Registrar publishes the information on the web. | Disclosure of e-mails detailing a negotiation strategy during a land purchase. | Disclosure of student medical records. |
| Data Integrity | Malicious modification of a student's personal webpage. | Malicious modification of classroom schedules, leading to overbooking or confusion for a period of time. | Malicious modification of an administrative report, leading to embarrassment for the university. |
| Availability | Attack on servers holding personal web pages or attack on networked environmental controllers. | Attack on the course registration servers during the student registration weeks. | Attack on the network routers, which would render most networks inoperable. |
| Authorized Use | An Iowa State University student shares his/her password with a high-school friend, thereby granting unauthorized access to computing services for his friend. | Gaining access to a computer with publicly available hacking tools, then using the computer to capture passwords on the network. | Gaining access to a computer with publicly available hacking tools, then using the computer as a platform to launch a debilitating attack on the campus networks. |
