2020 - Assets Based Risk Assessment under ISO 27001:2013

23,089 views

Sanjay Gore


Comments: 90
@RS-ws5lh 1 year ago
Thank you, Sanjay. Your video is more understandable; whenever I get a doubt I will watch your videos.
@SanjayGore 1 year ago
Thank you very much. I am happy that my little efforts are helpful for you to understand.
@phathiswabam2630 2 years ago
Thank you very much for knowledge sharing. This is talking about perfect timing for me.
@SanjayGore 2 years ago
Thanks, I am happy my efforts are useful for your help, maybe very small. Thanks again for communicating it to me.
@DramaNakkoMama 4 years ago
I saw many videos, sir, but you explained it very clearly. Thank you so much.
@SanjayGore 3 years ago
Thanks. You are welcome.
@anilkarmarkar5664 4 years ago
Really good one, and useful; even basics will get clear, particularly for professionals who are running mfg companies and infrastructure companies.
@SanjayGore 4 years ago
Thanks for those good words.
@hashamkhan8477 1 year ago
Thank you so much, Sir. I really learned a lot about RA on Assets today. I have subscribed to your channel and am planning to spend lots of time and watch all your videos on BC stuff. Love from Canada.
@SanjayGore 1 year ago
Thank you very much for those good words. Also thanks for subscribing.
@Awesomeite4life 4 years ago
This was very insightful. Really appreciate the efforts taken to explain this concept.
@SanjayGore 2 years ago
Glad it was helpful!
@Njk-h2o 1 year ago
Very informative and valuable, Sir. Thank you for sharing valuable knowledge 🙏
@SanjayGore 1 year ago
Thank you very much. I am happy that my little effort helped you understand certain concepts.
@ravindranadig9045 4 years ago
Simple and effective presentation of the concept. Thank you for sharing.
@SanjayGore 4 years ago
You are welcome.
@solomona8695 2 years ago
Thanks for sharing. The content was really good and well-presented.
@SanjayGore 2 years ago
Thanks, Solomon, for these kind words.
@spmanoj123 1 year ago
Great thanks for this wonderful practical session of RA.
@SanjayGore 1 year ago
Thank you for those good words.
@musfarkoodakkara3603 1 year ago
Thank you so much for these wonderful sessions, sir. Kindly do post more on GRC based sessions. Keep posting some real time practical kind of stuff if possible. Eagerly waiting for upcoming videos.
@SanjayGore 1 year ago
Thank you so much for those kind words. Sure, I will post as suggested by you. Keep engaging. Thanks again.
@dessert91 2 years ago
Good content, sir. I have watched it several times.
@SanjayGore 2 years ago
Thank you very much.
@YESCHEMISTRY 3 years ago
Nicely explained. Thank you, sir.
@SanjayGore 3 years ago
Thanks for those good words. It inspires me to do more.
@danishdurrani 4 years ago
Good intro and very useful.
@SanjayGore 4 years ago
Thank you, Danish. Some of the concepts presented were learned through you while I was in Saudi.
@khushhallonkar 4 years ago
You have made it look very simple. Thank you.
@SanjayGore 4 years ago
Thank you, Sir.
@arsalananwar8265 2 years ago
11 new controls introduced in the ISO 27001 2022 revision:
A.5.7 Threat intelligence
A.5.23 Information security for use of cloud services
A.5.30 ICT readiness for business continuity
A.7.4 Physical security monitoring
A.8.9 Configuration management
A.8.10 Information deletion
A.8.11 Data masking
A.8.12 Data leakage prevention
A.8.16 Monitoring activities
A.8.23 Web filtering
A.8.28 Secure coding
@SanjayGore 2 years ago
What you say is a revision in ISO 27002:2013 replaced with 27002:22. Secondly, it is not an addition but a replacement. And the revised ISO 27001:2022 is yet to come.
@arsalananwar8265 2 years ago
@SanjayGore What's the latest version of ISO 27001? ISO 27002 A comprehensive update of ISO 27001 is expected to be released in October 2022. Once updated, the latest version of ISO 27001 will align with changes made to ISO 27002 and published in February 2022.
@HaseebKhan-cx1sh 2 years ago
Excellent work, Sir; I appreciate your efforts.
@SanjayGore 2 years ago
👍 Thanks
@anitapanchal9152 2 years ago
Thank you so much, sir, for sharing knowledge.
@SanjayGore 2 years ago
Thanks. You are welcome. Please subscribe and share the video.
@funkyputul 3 years ago
Simple and to the point, very well explained.
@SanjayGore 3 years ago
Thank you for these good words.
@preritshah9915 4 years ago
Content covered is quite useful for both beginners and experts in the Industry, great delivery. The background music is a little disturbing.
@SanjayGore 4 years ago
Thank you, Prerit.
@ShivajiMirashe 3 years ago
Very nice and learning this session. Thank you, Sir.
@SanjayGore 3 years ago
Thank you very much, Sir, for those kind words. It is my pleasure.
@manohargudekar3639 4 years ago
Very well done 👍
@SanjayGore 4 years ago
Thanks, Manohar.
@inspiretobepositive 3 years ago
Great work, sir.
@SanjayGore 3 years ago
Thanks, Jayesh.
@shahrukhdaud7989 1 year ago
👍👍👍
@abhijeetupadeo2052 4 years ago
Highly appreciate the simplification.
@SanjayGore 4 years ago
Thanks
@sanatkolhatkar.2646 4 years ago
Interesting Video..!!
@SanjayGore 4 years ago
Thanks, Sanat.
@madhavvaidya1208 4 years ago
Good to listen to a new topic. Voice quality requires improvement; also, the video will be more effective if points are written on a blackboard and explained slowly by taking a sample case, say of any startup, hypothetically.
@UniversalJunction-nr2ix 1 month ago
Hello Sanjay sir, how did you assess the risk count of 169 in "information assets"? Can you please explain?
@SanjayGore 1 month ago
The value of 169 is the number of risks. If you make a total:
Total of risk, Zero controls (15+49+78+27=169)
Total of risk, Existing (48+56+45+20=169)
Total of risk, Planned (142+22+2+2=169)
So risk treatment for planned controls would be reducing the critical from 27 to 2, and low from 15 to 143; however, the total number of risks remains the same. Thanks.
@KhurramShahzad-qb5sk 1 year ago
Risk level is divided in 4 equal parts. If impact is medium and likelihood is medium, then with this table the final risk comes in as a low number. Same if high impact and high likelihood: then the risk result comes in the medium block. How can you explain this?
@farhancpa 2 years ago
Sir, you should give examples, like what are corrective controls, detective controls, etc. Just reading from the slides doesn't help much.
@abodhkant9493 3 years ago
Nicely explained, sir. Thank you so much for such clear and nice contents. Sir, could you please also make a video on CIA rating criteria, I mean how to decide 1~4 rating for Credibility, Integrity and Availability?
@SanjayGore 3 years ago
Yes. Thanks for the suggestion. I will do it. It is confidentiality and not credibility.
@abodhkant9493 3 years ago
@SanjayGore Thank you, Sir..!!
@Kris9341 2 years ago
Hello Sanjay, thanks for this great resource. Please I have a question. My question is; in the table below, I have various threat values for assetname "Laptop" and again had various threat values for assetname "Database server". In this situation, which of the threat values should I take as the actual threat value for a specific (single) asset?

Assetname | Threats | Frequency | Impact Value | Threat | Threat Value
Laptop | Virus & malware | 4 | 4 | 16 | 4
Laptop | Data & information theft | 4 | 4 | 16 | 4
Laptop | vandalism | 3 | 3 | 9 | 3
Laptop | unauthorized access | 1 | 2 | 2 | 1
Laptop | Ransomware | 2 | 2 | 4 | 1
Laptop | Date deletion | 1 | 3 | 3 | 1
Database server | Sql injection | 3 | 4 | 12 | 3
Database server | Virus & malware | 4 | 4 | 16 | 4
Database server | Data & information theft | 4 | 4 | 16 | 4
Database server | vandalism | 3 | 3 | 9 | 3
Database server | unauthorized access | 1 | 2 | 2 | 1
Database server | Ransomware | 2 | 2 | 4 | 1
Database server | Date deletion | 1 | 3 | 3 | 1
@usmanshahzad3158 1 year ago
Where does the impact section go?
@SanjayGore 1 year ago
Thanks for your response. Likelihood multiplied by Impact becomes Threat Value. Impact is the assessment of severity of the threat. Hope this suffices your query. Thanks again for asking the question.
@usmanshahzad3158 1 year ago
@SanjayGore It's clear, so we calculate the risk score as threat * vul * asset value. Please correct me if I am wrong.
@SanjayGore 1 year ago
@usmanshahzad3158 Your statement is correct, Sir.
@suryakantbhadale9556 4 years ago
Critical concepts made simpler.
@SanjayGore 4 years ago
Thanks, Suryakant. Many of these were learned with you when we were preparing for CISA long back in 2004.
@jeangrace6749 1 year ago
How to compute vulnerability?
@SanjayGore 1 year ago
Thanks for your query. The vulnerability is the other side of the effectiveness of control. The more the effectiveness of control, the lesser the vulnerability, and vice versa.
@NavaneethE 3 years ago
Who will decide the asset value: is it the data owner / asset owner or the auditor / implementer?
@SanjayGore 3 years ago
Thanks for the query. The asset value is decided by the risk owner and asset owner. In the risk assessment, the asset owner is the occupier of the assets (information). As we have seen, the organization should define the risk owner while developing the assets register. So the asset value is decided by the asset owner. Thanks for your query.
@NavaneethE 3 years ago
@SanjayGore Thanks
@furiousruffian6041 3 years ago
Sir, request if you could also make a video based on Context. Normally, it is called Context Based Risk Assessment. Thanks
@SanjayGore 3 years ago
Sure. Your suggestion is well taken. Thanks for that.
@furiousruffian6041 3 years ago
@SanjayGore Looking forward to a fantastic video.
@kamalabdulawel6457 10 months ago
Hi everybody, I don't get how the result of probability × impact value can become 4.
@SanjayGore 10 months ago
Can you further throw some light, for me to explain more?
@kamalabdulawel6457 10 months ago
Hello Sanjay, thanks for the quick reply and your great presentation. I don't understand how the threat value is calculated. In your presentation it says threat value is probability * impact value. This value is larger than 1-4; how do you get your Threat Value exactly? Is it just estimation?
@arisocariza5334 2 years ago
Is it okay to use -> Asset + Threat + Vulnerability = Risk?
@SanjayGore 2 years ago
Yes. The organization can use either + or x as per convenience. But popular is x.
@darasridhar 4 years ago
Background noise is very disturbing...
@SanjayGore 4 years ago
Thanks. Will take care in the next video.
@SanjayGore 4 years ago
Thanks, Sridhar, for your suggestion. I tried to edit the file online to remove the music altogether, but it affected the file itself. I am not a professional video editor, hence could not exactly cut the noise. My trial and error effected in very disturbing scenarios, and since it is in the beginning it may affect the moment of truth. So, ultimately I had to revert back to the original. Your suggestions are valid and big thanks for that. In my next uploading, I will take care of that. Your suggestion gave an opportunity to learn how to edit the already uploaded video to YouTube.
@marcellosarica9640 2 years ago
Sorry, I'm Italian but I don't understand much of what you say. You have a strong Indian accent. You should post subtitles.
@LightInside-id1fm 10 months ago
Risk matrices don't work, this is a well established fact. What's the point of promoting it if you don't understand it?
@SanjayGore 10 months ago
Thanks for your comments. Your thinking is respected and welcome.
@madhav.hanamantrao.gadgad8349 4 years ago
Nice
@SanjayGore 4 years ago
Thanks, Madhav.
@sowmyas9009 3 years ago
Sir, please avoid background music.
@SanjayGore 3 years ago
Thanks for your suggestions. Your suggestion is welcome. I have noted your comments and try to edit them.