A company is offering a new online payment system using a biometric authentication solution. A customer must first register using a mobile app, scanning their face and storing their payment details on a remote server. After registration, every time a customer wants to purchase a product online, the must open an application on their phone which will take a picture of their face, and matching it against the template stored at registration. The server storing the templates is a UNIX server, and the connection between the phone application and the server is secured using TLS$.$

a$)$ Identify and assess the risk of an Information Disclosure threat, and recommend an avoidance risk control against that threat. $[10$ Marks$]$

b$)$ Identify and assess the risk of a Tampering threat, and recommend a mitigation risk control against that threat.

$[10$ Marks$]$ Can you use FAIR method of risk assessment please