401 Class 03: Cyber Risk Analysis - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki


Reading Security and Risk Management

Consider a bank ATM that allows users to access bank account balances. What measures can the ATM incorporate to cover the principles of the CIA triad?

  1. Confidentiality: train employees to be aware; use proper encryption
  2. Integrity: use digital signatures and two-factor authentication
  3. Availability: create a single point of failure landscape; have backups

Name three best practices that support the CIA triad.

  1. Mandatory vacations: allow for observation of variables being taken out, to better assess reality
  2. Job rotation: allows variables to move around, to better assess and also control
  3. Dual control: requires a thread of users before the task can be completed. For example, when sending a large lump sum of money, even if there was a typo or mishap at the user's office, it wouldn't matter, because of the other points of contact the task has to meet before it can be completed.
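The dual-control idea above, as an added example that is not part of the original notes: a transfer at or above a constructed threshold cannot be released until two distinct approvers (neither of them the requester) have signed off, so a single person's typo or compromised account cannot move the funds alone. The threshold, user names and amounts are assumptions for the demonstration.

```python
from dataclasses import dataclass, field

# Constructed policy values for this example: transfers at or above the
# threshold require two independent approvals before release.
DUAL_CONTROL_THRESHOLD = 10_000
REQUIRED_APPROVALS = 2


@dataclass
class TransferRequest:
    requester: str
    amount: int
    approvals: set = field(default_factory=set)
    executed: bool = False


def approve(req: TransferRequest, approver: str) -> bool:
    """Record an approval; separation of duties rejects self-approval,
    a repeat approval by the same person, and approvals after release."""
    if approver == req.requester or approver in req.approvals or req.executed:
        return False
    req.approvals.add(approver)
    return True


def execute(req: TransferRequest) -> bool:
    """Release the transfer only when the dual-control requirement is met."""
    if req.executed:
        return False
    needed = REQUIRED_APPROVALS if req.amount >= DUAL_CONTROL_THRESHOLD else 0
    if len(req.approvals) < needed:
        return False
    req.executed = True
    return True


def demo() -> dict:
    """Walk a large constructed transfer through the flow; each value is the
    outcome of one step, so the sequence itself is the point."""
    req = TransferRequest(requester="alice", amount=250_000)  # constructed sample
    return {
        "premature": execute(req),              # no approvals yet: blocked
        "self_approve": approve(req, "alice"),  # requester cannot approve own request
        "first": approve(req, "bob"),
        "repeat": approve(req, "bob"),          # same person cannot count twice
        "one_approval": execute(req),           # a single approval is not enough
        "second": approve(req, "carol"),
        "released": execute(req),               # second independent approval releases it
        "replay": execute(req),                 # cannot be executed a second time
    }
```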

What are the three stages of the risk management lifecycle? What is each stage’s main goal or objective?

  1. Assessment: identify risk
  2. Analysis: examine risk
  3. Mitigation: measure risk, and decide how to react

Additional Resources

The below resources are not a part of this reading assignment but will enrich your understanding of the topic.

  1. How to Become a Security Auditor
  2. How to use Cyber Security Evaluation Tool (CSET®) to assess Cyber Risk