401d8 read03 - carlosjorr/reading-notes GitHub Wiki
Cyber Risk Analysis
Consider a bank ATM that allows users to access bank account balances. What measures can the ATM incorporate to cover the principles of the CIA triad?
Confidentiality:
User authentication: Implement strong authentication methods such as PINs, passwords, or biometric authentication (e.g., fingerprint or iris scans) to ensure that only authorized individuals can access their accounts.
Encrypted communication: Use secure protocols (e.g., SSL/TLS) to encrypt the communication between the ATM and the bank's servers, preventing unauthorized interception of sensitive data.
Privacy screens: Install privacy screens or shields on the ATM to prevent shoulder surfing and protect the confidentiality of user transactions.
Integrity:
Transaction logging: Maintain comprehensive logs of all ATM transactions, including account balances and transaction details, to ensure the integrity of the data. These logs can be used for auditing and investigation purposes.
Tamper-evident technology: Utilize physical and digital tamper-evident mechanisms to detect and prevent any unauthorized access or tampering with the ATM's hardware, software, or data.
Secure coding practices: Employ secure coding standards and practices during the development of the ATM software to prevent vulnerabilities and unauthorized modifications.
Availability:
Redundancy and fault tolerance: Implement redundant systems, such as backup power supplies and duplicate hardware components, to ensure continuous availability of the ATM even in the event of power outages or hardware failures.
Regular maintenance and monitoring: Conduct regular maintenance activities, including software updates and hardware inspections, to proactively identify and address any issues that could affect the availability of the ATM.
Disaster recovery plan: Develop a comprehensive disaster recovery plan that includes backup and restore procedures, off-site data storage, and alternative processing locations to recover from potential disruptions and ensure the availability of ATM services.
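Added example (not from the reading or the wiki author) showing how the two integrity measures above, transaction logging and tamper evidence, combine: a hash-chained log where every entry carries an HMAC over itself and the previous tag, so an edited, deleted or reordered record is detected on verification. The key value and the sample transactions are constructed for the demo.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; the real key stays with the bank, never on the ATM

class TamperEvidentLog:
    """Append-only ATM transaction log: each entry's tag is an HMAC over the entry and
    the previous tag, so editing, deleting or reordering an entry breaks the chain."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []  # list of (record dict, hex tag)

    def _tag(self, record: dict, prev_tag: str) -> str:
        msg = prev_tag.encode() + json.dumps(record, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def append(self, record: dict) -> None:
        prev = self.entries[-1][1] if self.entries else "genesis"
        self.entries.append((record, self._tag(record, prev)))

    def verify(self, expected_last_tag: str = "") -> int:
        """Index of the first entry that fails, or -1 if intact. Truncating the tail
        leaves a valid chain, so the bank keeps the latest tag out of band and passes it."""
        prev = "genesis"
        for i, (record, tag) in enumerate(self.entries):
            if not hmac.compare_digest(tag, self._tag(record, prev)):
                return i
            prev = tag
        if expected_last_tag and prev != expected_last_tag:
            return len(self.entries)  # tail truncated
        return -1

def build_sample_log() -> TamperEvidentLog:
    # Constructed sample transactions, not real account data.
    log = TamperEvidentLog(KEY)
    log.append({"seq": 1, "acct": "1234", "op": "balance", "amount": 0})
    log.append({"seq": 2, "acct": "1234", "op": "withdraw", "amount": 100})
    log.append({"seq": 3, "acct": "5678", "op": "withdraw", "amount": 40})
    return log

def tamper_and_check() -> tuple:
    # Returns (intact log, edited amount, last entry silently dropped) verdicts.
    intact = build_sample_log().verify()
    edited = build_sample_log()
    edited.entries[1][0]["amount"] = 10  # on-disk record rewritten after the fact
    dropped = build_sample_log()
    last = dropped.entries.pop()[1]  # drop the final entry but remember its tag
    return intact, edited.verify(), dropped.verify(expected_last_tag=last)
```

The log file alone does not prevent tampering; it makes tampering detectable during the audits the notes describe, provided the key is not stored on the ATM and the latest tag is also recorded elsewhere.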
Name three best practices that support the CIA triad.
Least Privilege: Grant users or processes only the minimum level of access required to perform their tasks. By limiting access rights, the risk of unauthorized access or data breaches is minimized, enhancing confidentiality and integrity.
Defense in Depth: Implement multiple layers of security controls to protect against various types of threats. This approach includes measures such as firewalls, intrusion detection systems, encryption, and access controls, ensuring a comprehensive security posture.
Regular Auditing and Monitoring: Conduct regular security audits and monitoring activities to identify and respond to potential security incidents or vulnerabilities. By monitoring system logs, network traffic, and user activities, organizations can detect unauthorized access attempts, potential breaches, or abnormal behavior, safeguarding the CIA triad.
What are the three stages of the risk management lifecycle? What is each stage’s main goal or objective?
Risk Assessment: The goal of this stage is to identify and evaluate potential risks and vulnerabilities that could impact the security of the ATM system. It involves assessing the likelihood and impact of various threats and determining the level of risk associated with each.
Risk Mitigation: In this stage, strategies and controls are implemented to mitigate or reduce the identified risks. This may include implementing security measures, such as firewalls, intrusion detection systems, access controls, encryption, and security policies. The objective is to minimize the probability and impact of potential risks.
Risk Monitoring and Review: The final stage involves ongoing monitoring and review of the implemented risk management measures. This includes regular evaluation of the effectiveness of security controls, monitoring for new threats and vulnerabilities, and adapting the risk management approach as needed. The goal is to ensure that the risk management strategies remain up to date and continue to protect the ATM system from evolving threats.