Practical Risk Assessment and Mitigation

Uploaded by on Dec 12, 2010

Info

Level: Beginner
Presenter: Eli the Computer Guy
Date Created: October 13, 2010
Length of Class: 69 Minutes
Tracks

Computer Security / Integrity
Prerequisites

Introduction to Risk Assessment
Purpose of Class

This class teaches students how to conduct a Risk Assessment
Topics Covered

The Risk Assessment Process
What to Look for in a Risk Assessment
Class Notes

Introduction
Security is just good technology
Risk is a business decision
Assessment Process
Overview
Determine Vulnerabilities
Determine Threats
Determine Assets
Determine Business Justifications
Interview the Owner/ CEO
What's your business?
What do you do?
How computer dependent are you?
How comfortable with technology are you?
How many employees?
How many employees with computers?
What problems are you currently having?
What are your concerns?
Do you have legal requirements for data?
How are your systems currently being used?
Do you own/ can you make changes to the building?
Do you have maintenance contracts with other IT companies?
Current Operational Security Procedures
Known Threats -- Natural/ Employees/ Outsiders
What is your risk tolerance?
What's your IT budget?
Observe infrastructure
Quality of cabling?
Quality/ age of equipment
Physical Appearance of equipment?
Pointless equipment?
Physical Security
Talk with Employees
What problems are you having?
Is there something that can make your life better?
Documentation Analysis
Who/ What/ When/ Where/ Why?
Is the software accessible?
Systems Analysis
Sit down at the computers/ equipment and determine their current state
Not enough RAM can cause as much economic loss as a virus!
Create a Plan and Brief Client
Create a plan spelling out vulnerabilities, threats, assets
Plan should have as few options as possible
Plan should have steps -- first infrastructure, then computers, then policies
Focus on business reasons
Determine feasibility and get buy-in
Mitigation Process
As you work the plan continue to assess systems and situation
Is the planned solution still the best solution?

Category:

Science & Technology

License:

Standard YouTube License

All Comments (1)

  • I like his no-nonsense approach. The focus on the business financial impacts is so well emphasized. So is the intangible effect of security: if it can't be seen, business people don't get it. You have to translate security in terms of financial impact; you have to talk business people talk. We tend to forget how the business exists to make money, not make IT geeks (like me) happy.
