Introduction to Risk Assessment
- Added 12. 12. 2010
Level: Beginner
Presenter: Eli the Computer Guy
Date Created: October 12, 2010
Length of Class: 57 Minutes
Tracks
Computer Security / Integrity
Prerequisites
None
Purpose of Class
This class teaches students the basic concepts behind Risk Assessments.
Topics Covered
Defining Risk, Threat and Vulnerability
Types of Protections
Mitigation Concepts
Business Rationale for Risk Assessment and Management
Class Notes
Introduction
The better you know technology, the better you will do with Risk Assessment / Management.
Risk
Risk = Threat x Vulnerability
Overview of Risk
Risk is defined as the likelihood of financial loss.
Risk is a business concept, not a technological one.
Down Time
Fraud
Legal data loss issues
Hacking -- Attacks from your network
Data Theft (Trade Secrets)
Overview of Threat
i. Natural Disaster
ii. Malicious Human
iii. Accidental Human
iv. System Failure
Impersonation
Interception
Interference
Overview of Vulnerability
Flooding
Theft of Systems
Hacking
Viruses
Overview of Protections Technological Safeguards
Physical / Operational Security
Disaster Plan
Documentation
Technological Safeguards (Firewalls, Antivirus)
Concepts of Mitigation
Incident - Response - Debrief - Mitigation
Making Bad not so bad
You will never be safe
Security Buy In and Quantifying Risk
The business leaders will make the final decision on Risk Management
The better your BUSINESS argument, the more likely you are to get the go ahead.
What is the cost of downtime?
What is the legal cost?
Cost of Security vs. Benefit
Final Thoughts
Risk is a BUSINESS concept! The more you understand about business and can talk about financial ramifications, the more likely you are to get your fancy new security equipment.
Resources
US Computer Emergency Readiness Team - Science and technology
Is there some risk associated with right side audio?
hahahaha
Because of some intelligent guys like you, we people are able to get trained. Thanks a lot for this excellent explanatory presentation.
Good introductory presentation. The key concept is being able to present the risk with a $$ estimate so the business can make a business decision.
Great presentation on risk assessment. When risk assessment is done properly it allows businesses and individuals to plan ahead and develop contingency plans that are ready to be implemented should certain events occur. This not only makes the process more efficient, it also reduces some of the stress that can occur when something unexpected happens.
Thank you very much for sharing Eli. A customer has asked me to do a risk assessment, and I now (at least) have a starting point. Great job!
Extremely good presentation & information. Thank you :)
You are a blessing.... thank you for your practical way of presenting the Risk Assessment for Infosec matters...
"...to...to...to... the ghetoooooo"
LOL I love nerds.
Hey Eli, Thx for vid. Do you know if there's a software or a tool for Risk Assessment?
Well explained. I have a CCA (chartered accountancy) advanced audit and assurance exam in 2 weeks' time; this did help me get a wider understanding of the underlying concepts of risk, and I can relate these to the syllabus area of business risk.
Regards & Thank You.
@Svinqvai You know CZcams has this feature where you can fast forward in videos?
Clearly this guy knows his job. Love from Africa (Mali)
Excellent teacher.
Great Presentation!
wow!! You are fantastic, I already know many of these, but listening to you was such a pleasure :D .. fantastic well done
U rock bro!!!!!!! THANKS TO U, learning became fun and easy.
Bro, not gonna lie, this was awesome. you are now my idol! Few things though, risk 101...risk is never 0. Also you cracked me up with definition of HIPAA. I also liked "because Linksys dies....a lot"
Risk of volcano in Florida = 0
Risk of (natural) fire in Arctic = 0
Risk of tsunami in Colorado = 0
Risk of (natural) flood damage 500 feet above ground water level = 0
Risk of Computer failure if you have no computers, risk = 0
Risk of employee fraud, if you have zero employees = 0
Etc.
You can argue:
… risk is 0.000000000000000000000000000001
… or that a volcano will not pop up in Florida, but it will in Iceland and impact Florida indirectly, etc.
I think the point was it’s a relative comparison of probability and at some point some situations do not appear on your radar at all- it depends on LOCAL conditions which do vary.
It took some thought to find those scenarios, thanks for the thought exercise. Fun.
@@brownj0002 These are not risk then. There is no risk with the probability of occurrence equal to zero. It would become a fact not a risk.
Thanks Eli, very important things you've tried... so, if you can talk to us about one Risk Analysis Methodology like CRAMM or OCTAVE or NIST, it will be very interesting and complementary and we'll appreciate that... and you're a good teacher, I would say knowledge consultant of Information Security... and believe me, I have been in many boring webinars...
Thank you for sharing this with us. You are awesome.
Hi Eli! Thanks so much for all this precious info. Could you recommend me the best and possibly the easiest to manage free firewall software to run on Windows Seven, instead of the integrated one? I use Zone Alarm right now; it is pretty good, but in my opinion it has much stuff that runs in the background and it's not so simple to configure.
Very good and thanks! I will see more from Eli.
Hey Eli do you have any tutorials that covers continuous monitoring?
I really like this discussion. Now I understand about risk. :)
Nice lecture after long time, it is like a University lecture.
I love your explanation, it's clear and sound
The formula 'Risk = threat x vulnerability' is new to me. Risk is indeed sometimes defined in quasi-mathematical wordings, the one best known to me is 'Risk = likelihood (of an event) x impact (of the event)'. Such events could be seen as actors on vulnerabilities of assets and are known as security incidents. I'm very happy, however, that you do point out that these 'formulae' are actually not real formulae - after all, what are the units of measurement for threats and vulnerabilities..?
Hi Eli, thanks very much indeed, you are really professional and I like your way of coaching. Just wondering, do you have anything related to CRISC? Thanks a lot
great stuff, thank you.
And yet again I search for some random string on youtube and.... when I see Eli, I watch his video(s)!
Yeah linksys sucks. I’m about to do a risk methodology powerpoint and I was pleasantly surprised that you have a video on this bc I’m subscribed to you and you’re my savior In networking lol
On vacation ;)
Thanks Eli..It was really good...Pls post more videos on Risk Assessment and how to initiate audit for any system or organisation?
Great tutorial design!
Ugh... please fix so that both my ears can hear this, and not just my left.
It's only on left 👂
Nice lesson. It is very informative.
This video was informative & entertaining. Bravo!
You are excellent!!!
Great presentation!
straight on point.. Thanks
Great presentation 😍
Do you offer classes too? If so I am willing to take with you. Trying to take computer system validation course.
very helpful .. thank you very much!
Is it just me or does the audio only output through the left earpiece on a headset?
Good intro. More pragmatic approach.
Awesome tutorial :)
event - what to do - how to do it - act - event : is this the same as Eli's explanation?
good job and well done, I like it a lot.
It's 2023 and still I found this perfect presentation on CZcams
This is good information, where did you learn it all?
thanks for the upload.
2020, I discovered this only now.
Hello Eli I received a request to put in place a data center ….it been several years that I am watching your videos ..I think you might be able to help putting this in place.
Please let me know if you can be on board on this.
Thanks.
best tutorial....
Excellent video! Thanks. Minor error: HIPAA = Health Insurance Portability and Accountability Act. M. E. Kabay, PhD, CISSP-ISSMP / Prof Comp Info Sys / Norwich University
Very good, thank you
this guy looks and speaks cool!
generally i am using "risks" iPhone app by hanumappa to manage all my risks
good topic, very informative
very easy to understand
Eli: Good stuff!
Don't say "ek cetera" - say "et cetera."
Don't say "retarded".
Thank you sir
I think about risk differently. Risk = a dangerous or harmful scenario. i.e. driving the highway with your eyes closed is dangerous (Risky). Risk isn't the likelihood of loss. Risk Assessment is estimating the likelihood of loss… i.e. assessing X scenario occurring over Y scenario and providing rationale and recommendations to minimise the danger / harm or stop X from happening.
My left ear liked the video!
Love it
Thanks
Good examples
My left ear enjoyed this presentation lol
Awesome
threat discussion is basically 'Business Continuity Planning'. And there's a whole suite of thinking in this space: en.wikipedia.org/wiki/Business_continuity_planning
Just cannot hear anything. Normally have no trouble with CZcams
Not with cross shredding. But yeah, burning is better but not great for the environment.
there is no such thing as zero risk amazon servers could fail :) though risk relative to your environment I agree
why one channel!
Excellent at normal speed, Phenomenal at 1.25x
HIPAA = Health Insurance Portability & Accountability Act
LOL ALL THE TIME! Who is your ISP? Who is your phone provider? Who is blah blah blah, BLAAAAANNKKKK STARES...
this video made me think that i ruined my earphone again
my right ear feels lonely
I liked your video but not the part about the boss moving his desk next to the assistant then risk of info being compromised is high. Not all assistants are the same. They are ppl and the integrity of an assistant and any other worker is based on the person and their morals so using an assistant as an example is not a good one. Otherwise, good video 👍 at least you don’t have a heavy Chinese accent like my professor who I can barely understand 😩😩
Great risky presentation (see what I did there?) :)
"Linksys stuff dies .. a lot.."
can barely hear even with headphone.
+loubino18 change your ears or headphone
Volume is good. Your headphones suck.
I know right? People always complain about FREE stuff...smh
$$$
yyy
Can't take it the whole 57 minutes with just the left ear.
You mention malicious activity…you're talking about the principles of information security: confidentiality, integrity, availability. Hackers look to get the information, change the information or make it unavailable.
please .. both ears!! :((
too long.....he can make a long story shorter can't wait an hour to see if he will tell the thing I'm interested in
Linksys stuff dies haha.
That's not what HIPAA stands for...lol!
dog water my guy
I love your videos but I hate how you say et cetera.... It's two words and the first one is pronounced eht not ehk.