Class 03 - birlzhimself/401-Reading-Notes GitHub Wiki

Consider a bank ATM that allows users to access bank account balances. What measures can the ATM incorporate to cover the principles of the CIA triad?

Confidentiality: To ensure confidentiality, the ATM can use encryption techniques to protect user data and personal information such as account numbers, PINs, and transaction details. The ATM can also incorporate measures such as access controls and authentication to ensure that only authorized individuals can access the data.

Integrity: To ensure data integrity, the ATM can incorporate measures such as digital signatures to ensure that data has not been tampered with or altered during transmission. The ATM can also use checksums to verify the integrity of data.

Availability: To ensure availability, the ATM can incorporate measures such as redundancy and fault-tolerant systems to ensure that the ATM is always operational. The ATM can also incorporate measures such as load balancing and network segmentation to ensure that the system is available to all users.
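The integrity point above (checksums versus signatures) is the one most worth seeing in code. The following is an added example, not part of the original notes: it compares an unkeyed SHA-256 checksum with a keyed HMAC-SHA256 tag over a constructed ATM balance-query record. The record format, the shared key and the altered-in-transit scenario are all assumptions made for the demonstration; HMAC stands in for the page's "digital signatures" because it is available in the Python standard library, and the same lesson applies to public-key signatures.

```python
"""Added example (not from the original notes): a plain checksum detects
accidental corruption, while a keyed MAC also detects deliberate tampering
by anyone who does not hold the key.

Assumptions (constructed for illustration):
- the transaction record is a small dict serialised as canonical JSON,
- SHARED_KEY is known to both the ATM and the bank host,
- the record and its checksum/tag travel together over the network.
"""
import hashlib
import hmac
import json

# Constructed demo secret; a real deployment would keep this in an HSM or key store.
SHARED_KEY = b"constructed-demo-key-do-not-use"


def canonical(record: dict) -> bytes:
    """Serialise deterministically so both ends hash exactly the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def checksum(record: dict) -> str:
    """Unkeyed SHA-256 checksum: catches bit flips, not an informed modification."""
    return hashlib.sha256(canonical(record)).hexdigest()


def mac_tag(record: dict, key: bytes = SHARED_KEY) -> str:
    """Keyed HMAC-SHA256 tag: cannot be recomputed without the shared key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_checksum(record: dict, expected: str) -> bool:
    """True when the checksum carried with the record matches the record."""
    return hmac.compare_digest(checksum(record), expected)


def verify_mac(record: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Constant-time comparison avoids leaking how many tag bytes matched."""
    return hmac.compare_digest(mac_tag(record, key), tag)


def tamper_demo() -> tuple:
    """Return (checksum_passes, mac_passes) for a record altered in transit.

    Shows why the notes pair checksums with signatures: a checksum alone
    gives no protection against a party that can rewrite both record and checksum.
    """
    original = {"account": "000123", "type": "balance", "balance": "250.00", "seq": 17}
    tag = mac_tag(original)  # computed by the bank host before sending

    # In transit the balance field is rewritten and the checksum recomputed to match.
    altered = dict(original, balance="999999.00")
    recomputed_cs = checksum(altered)

    # The checksum verifies (it was recomputed); the MAC does not (no key to recompute it).
    return verify_checksum(altered, recomputed_cs), verify_mac(altered, tag)


if __name__ == "__main__":
    print(tamper_demo())  # (True, False)
```

Run it as a script and it prints `(True, False)`: the ATM would accept the altered record on the strength of the checksum alone, but the HMAC check rejects it. Confidentiality is a separate property; the tag proves the record was not changed, it does not hide the balance, which is why the notes list encryption separately.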

Name three best practices that support the CIA triad.

Regular Security Audits: Regular security audits are essential to ensure that the security measures in place are effective and up-to-date. This includes assessing vulnerabilities and threats, reviewing policies and procedures, and identifying areas for improvement.

Employee Training and Awareness: Employee training and awareness are essential to ensure that all personnel are aware of their responsibilities and obligations with regard to security. This includes training on data protection, access controls, and incident response.

Incident Response Planning: Incident response planning involves preparing for potential security incidents by establishing a plan for detecting, responding to, and recovering from incidents. This includes establishing incident response teams, identifying incident types, and developing communication plans.

What are the three stages of the risk management lifecycle? What is each stage’s main goal or objective?

Risk Assessment: The first stage involves identifying and assessing potential risks. The main goal is to identify and evaluate the likelihood and impact of risks.

Risk Mitigation: The second stage involves developing strategies to mitigate or reduce risks. The main goal is to implement measures to minimize the likelihood and impact of risks.

Risk Monitoring and Review: The final stage involves monitoring and reviewing the effectiveness of risk management strategies. The main goal is to ensure that risk management strategies are effective and up-to-date. This includes regular risk assessments and incident response testing.

Sources:

Security and Risk Management

How to Become a Security Auditor

How to use Cyber Security Evaluation Tool (CSET®) to assess Cyber Risk