401 Class 03: Cyber Risk Analysis
Nathalie Abdallah edited this page Jan 11, 2024
Reading Security and Risk Management
Consider a bank ATM that allows users to access bank account balances. What measures can the ATM incorporate to cover the principles of the CIA triad?
- Confidentiality: train employees to be aware; use proper encryption
- Integrity: use digital signatures and two-factor authentication
- Availability: create a single-point-of-failure landscape; have backups
- Mandatory vacations: allow for observation of variables being taken out, to better assess reality
- Job rotation: allows for variables to move around, to better assess and also control
- Dual control: requires multiple users before the task can be completed. For example, when sending a large lump sum of money, even if there was a typo or a mishap at the user's office, it wouldn't matter, because of the other points of contact the task has to pass before it can be completed.
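As an added example (not part of the original notes), a minimal dual-control gate for the large-transfer case above. The threshold, the transfer record and the approval workflow are all constructed for this illustration; the point is that a large transfer needs two distinct approvers, the requester cannot approve their own request, and each approver must confirm the amount, so a typo in the amount is caught by the second point of contact.

```python
from dataclasses import dataclass, field

# Constructed threshold: transfers at or above this amount need two distinct approvers.
DUAL_CONTROL_THRESHOLD = 10_000


class ApprovalError(Exception):
    """Raised when an approval violates the dual-control rule."""


@dataclass
class Transfer:
    requester: str
    amount: int
    approvals: set = field(default_factory=set)  # distinct approver names


def required_approvals(transfer: Transfer) -> int:
    """Small transfers need one approval; large ones need two."""
    return 2 if transfer.amount >= DUAL_CONTROL_THRESHOLD else 1


def approve(transfer: Transfer, approver: str, confirmed_amount: int) -> None:
    """Record an approval.

    The approver re-enters the amount they believe they are approving; a
    mismatch (e.g. a typo by the requester) stops the approval. The requester
    is never allowed to approve their own transfer, and approving twice as the
    same person does not count as a second approver.
    """
    if approver == transfer.requester:
        raise ApprovalError("requester cannot approve their own transfer")
    if confirmed_amount != transfer.amount:
        raise ApprovalError(
            f"amount mismatch: request says {transfer.amount}, "
            f"approver confirmed {confirmed_amount}"
        )
    transfer.approvals.add(approver)


def can_execute(transfer: Transfer) -> bool:
    """True once enough distinct approvers have signed off."""
    return len(transfer.approvals) >= required_approvals(transfer)
```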
What are the three stages of the risk management lifecycle? What is each stage’s main goal or objective?
- Assessment: identify risk
- Analysis: examine risk
- Mitigation: measure risk, and make a decision on how to react
The below resources are not a part of this reading assignment but will enrich your understanding of the topic.
- How to Become a Security Auditor
- How to use Cyber Security Evaluation Tool (CSET®) to assess Cyber Risk