Relationship Between Vulnerability, Threat, Control And Risk As They Relate to Cybersecurity

  • Added 19. 03. 2021
  • In this video we examine the relationship between Vulnerability, Threat, Control and Risk and how they relate to Cybersecurity.
    VULNERABILITY: This is defined as the weakness in a control or a system.
    THREAT: Anything (object, substance or human) that has the tendency to cause harm or destruction.
    CONTROL: This is an action implemented to counter a potential threat and thus reduce a risk.
    RISK: This is the likelihood of a THREAT exploiting a VULNERABILITY in a control (or system) to cause an undesirable IMPACT.
    INHERENT RISK: The risk level or exposure without taking into account the actions that an organization has taken or might take (e.g., implementing security controls).
    For example, if you are in the banking industry, one of the inherent risks of being in the banking business is theft or armed robbery.
    RESIDUAL RISK: This is defined as the remaining risk after an organization has implemented a risk response (control).
    The core duty of a cybersecurity professional is to identify, mitigate, and manage cyber risk to an organization’s digital assets.
    A cybersecurity professional must understand risk in the context of cybersecurity, which means knowing how to determine, measure and reduce risk effectively.
    Assessing risk is one of the most critical functions of a cybersecurity professional.
    Without adequate knowledge of the risk, an organization might implement over-protective or under-protective controls!
    Approaches to Implementing a Cybersecurity Program
    Generally, there are three (3) different approaches to implementing a cybersecurity program:
    1. Compliance-based: This approach relies on rules, regulations or standards, so controls are implemented regardless of whether you like it or not (e.g., FISMA, HIPAA, SOX, PCI DSS).
    * Public Company Accounting Reform and Investor Protection Act: the U.S. Senate name for SOX
    * Corporate and Auditing Accountability, Responsibility, and Transparency Act: the U.S. House name for SOX
    2. Risk-based: This approach relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity’s risk tolerance and business needs.
    3. Ad hoc: This approach simply implements security with no particular rationale or criteria.

Comments • 22

  • @sendorojuma4544 1 year ago +5

    The easiest analogy I have ever seen. Great work

  • @niinarku5696 2 years ago +3

    You are certainly the best! Please keep it coming. I like your style of teaching. Very simplified and easy to comprehend. Thank you.

    • @KamilSec 2 years ago

      No worries, more to come God willing!

  • @adedejierinfolami9663 1 year ago +2

    You are a born teacher and a blessing to the world. I’m looking forward to meeting you one day, bro.

  • @edwardomopariola7477 2 years ago +5

    Hi KamilSec, I find your RMF system categorization the most comprehensive of all the ones I have been watching on CZcams. It was detailed and hands-on. Are you teaching this class by any chance? I would love to be in your class.

    • @KamilSec 2 years ago

      No, I do not teach the full RMF course anymore; I do interview preps for candidates going on interviews. Kaamilzak@gmail.com

  • @emeliaoppong747 3 years ago +3

    Very simplified. Thank you

  • @anandshinde9941 2 years ago +2

    You made this really easy to understand. Thanks for the wonderful and informative video.

  • @oladimejimichaeloloyede7203

    Thank you for the simple explanation.

  • @Nsorkwame 3 years ago +2

    Precise and concise....👌🏼

    • @KamilSec 3 years ago

      Thanks for the comment 👍

  • @nkemwachuku9176 2 years ago +1

    Awesome explanation, quite easy to understand. Kudos.

  • @albertadjei1573 2 years ago +2

    Great job! Do you have a video on vendor risk management?

  • @maxime1139 3 years ago +2

    Hello, good afternoon sir. Please, which app on the laptop do they use to write a resume?

    • @KamilSec 3 years ago +1

      Use MS Word since most people like it on Word.