Cyber Risk Analysis - focodecided/ops401-cybersecurity GitHub Wiki

Consider a bank ATM that allows users to access bank account balances. What measures can the ATM incorporate to cover the principles of the CIA triad?

The ATM can incorporate the following measures to cover the principles of the CIA triad:

  • Confidentiality: Encrypt network connections and stored data, require user authentication such as a PIN, and add physical security measures such as cameras and locks.

  • Integrity: Validate all input, log every transaction, and run fraud detection systems.

  • Availability: Use redundant systems and backup power supplies, load balancing, and routine maintenance.

Name three best practices that support the CIA triad.

  • Regular software/firmware updates and patching
  • Defense in depth protections like firewalls, IDS/IPS
  • Strong access controls and principle of least privilege

What are the three stages of the risk management lifecycle? What is each stage’s main goal or objective?

The three stages of the risk management lifecycle are:

  • Identify: The main goal is to identify assets, threats, and vulnerabilities. This involves taking an inventory of systems, classifying data, and determining potential risks.

  • Protect: The main goal is to implement safeguards that reduce the risk of threats exploiting vulnerabilities. This involves deterrent and preventative controls such as firewalls, encryption, and backups.

  • Detect & Respond: The main goal is to detect security incidents and respond appropriately. This involves monitoring systems, having an incident response plan, and notifying stakeholders if a breach occurs.

Things I want to learn more about

Sources: https://resources.infosecinstitute.com/certifications/cissp/security-risk-management/