Introduction to Risk Assessment
Рет қаралды 226,381
Күн бұрынInfo
Level: Beginner
Presenter: Eli the Computer Guy
Date Created: October 12, 2010
Length of Class: 57 Minutes
Tracks
Computer Security /Integrity
Prerequisites
None
Purpose of Class
This class teaches students the basic concepts behind Risk Assessments.
Topics Covered
Defining Risk, Threat and Vulnerability
Types of Protections
Mitigation Concepts
Business Rational for Risk Assessment and Management
Class Notes
Introduction
The better you know technology the better you will do with Risk Assessment/ Management.
Risk
Risk = Treat x Vulnerability
Overview of Risk
Risk is defined as the likelihood of financial loss.
Risk is a business concepts not a technological one.
Down Time
Fraud
Legal data loss issues
Hacking -- Attacks from your network
Data Theft (Trade Secrets)
Overview of Threat
i. Natural Disatser
ii. Malicious Human
iii. Accidental Human
iv. System Failure
Impersonation
Interception
Interference
Overview of Vulnerability
Flooding
Theft of Systems
Hacking
Viruses
Overview of Protections Technoloigical Safe Guards
Physical/ Operational Security
Disaster Plan
Documentation
Technological Safeguards (Firewalls, Antivirus)
Concepts of Mitigation
Incident - Response - Debrief - Mitigation
Making Bad not so bad
You will never be safe
Security Buy In and Quantifying Risk
The business leaders will make the final decision on Risk Management
The better your BUSINESS argument the more likely you are to get the go ahead.
What is the cost of downtime
What is the legal cost
Cost of Security vs. Benefit
Final Thoughts
Risk is a BUSINESS concept! The more you understand about business and can talk about financial ramifications the more likely you are to get you fancy new security equipment.
Resources
US Computer Emergency Readiness Team
@rulk9129 7 жыл бұрын
Is there some risk associated with right side audio?
@rm2slam 6 жыл бұрын
hahahaha
@MegaSam05 12 жыл бұрын
Beacuse of Some Intelligent Guys Like you we pepole are able to get trained. I thanks a lot for this excellent explanatory presentation.
@johnathanhunt6440 10 жыл бұрын
Bro, not gonna lie, this was awesome. you are now my idol! Few things though, risk 101...risk is never 0. Also you cracked me up with definition of HIPAA. I also liked "because Linksys dies....a lot"
@brownj0002 8 жыл бұрын
Risk of volcano in Florida = 0 Risk of (natural) fire in Arctic = 0 Risk of tsunami in Colorado = 0 Risk of (natural) flood damage 500 feet above ground water level = 0 Risk of Computer failure if you have no computers, risk = 0 Risk of employee fraud, if you have zero employees = 0 Etc. You can argue: … risk is 0.000000000000000000000000000001 … or that a volcano will not pop up in Florida, but it will in Iceland and impact Florida indirectly, etc. I think the point was it’s a relative comparison of probability and at some point some situations do not appear on your radar at all- it depends on LOCAL conditions which do vary. It took some thought to find those scenarios, thanks for the thought exercise. Fun.
@abdollahabdi4900 5 жыл бұрын
@@brownj0002 These are not risk then. There is no risk with the probability of occurrence equal to zero. It would become a fact not a risk.
@lakhanialhijab 12 жыл бұрын
well explained, i got a CCA (chartered accountacy) advanced audit and assurance exam in 2 weeks time, this did help me get a wider understanding of the underlying concepts of risk and i can relate these to the syllabus area of business risk. Regards & Thank You.
@TheBoudiay 12 жыл бұрын
Clearly this guy knows is Job. Love from Africa (Mali)
@jayzeraquino8667 3 жыл бұрын
You are a blessing.... thank you for your practical way of presenting the Risk Assessment for Infosec matters...
@InstTaxSolutionsLLC 11 жыл бұрын
Great presentation on risk assessment. When risk assessment is done properly it allows businesses and individuals to plan ahead and develop contingency plans that are ready to be implemented should certain events occur. This not only makes the process more efficient, it also reduces some of the stress that can occur when something unexpected happens.
@oscarmanuelguarinfigueroa1808 9 жыл бұрын
thanks Eli,,,very important things you´ve tryied...so, if you can talk us about one Risk Analysis Methodology like CRAMM or OCTAVE or NIST it will be very interest and complementary and we´ll appreciate of that.....and you´re a good teacher, i would say knowledge consultant of Information Security.....and believe me,,i have been in a many bored webminars....
@wyattculberson1943 8 жыл бұрын
Good introductory presentation. The key concept is being able to present the risk with a $$ estimate so the business can make a business decision.
@BriWells426 6 жыл бұрын
Yeah linksys sucks. I’m about to do a risk methodology powerpoint and I was pleasantly surprised that you have a video on this bc I’m subscribed to you and you’re my savior In networking lol
@MktNinja 9 жыл бұрын
Hey Eli, Thx for vid. Do you know if there's a software or a tool for Risk Assessment?
@z3jlewhhda376 Жыл бұрын
It's 2023 and still I found this perfect presentation on KZbin
@Limitless1717 11 жыл бұрын
Thank you very much for sharing Eli. A customer has asked me to do a risk assessment, and I know (at least) have a starting point. Great job!
@TheBebe4ever 9 жыл бұрын
HI Eli, thanks much indeed , you are really professional and i like your way of coaching. just wandering do you have any thing related to CRISC. Thanks alot
@ForteanOrg 11 жыл бұрын
The formula 'Risk = threat x vulnerability' is new to me. Risk is indeed sometimes defined in quasi-mathematical wordings, the one best known to me is 'Risk = likelihood (of an event) x impact (of the event)'. Such events could be seen as actors on vulnerabilities of assets and are known as security incidents. . I'm very happy, however, that you do point out that these 'formulae' are actually not real formulae - after all, what are the units of measurement for threats and vulnerabilities..?
@subhodhambali 13 жыл бұрын
Extremely good presentation & information. Thank you :)
@digbyte 10 жыл бұрын
threat discussion is basically 'Business Continuity Planning'. And there's a whole suite of thinking in this space: en.wikipedia.org/wiki/Business_continuity_planning
@hopemariemcfadden4900 3 жыл бұрын
This video was informative & entertaining. Bravo!
@theindianguy3148 5 жыл бұрын
Thanks Eli..It was really good...Pls post more videos on Risk Assessment and how to initiate audit for any system or organisation?
@marthacatra1322 4 жыл бұрын
I love your explanation, its clear and sound
@reeyakarki4588 3 жыл бұрын
Great presentation 😍 Do you offer classes too? If so I am willing to take with you. Trying to take computer system validation course.
@sisirakosgoda7700 10 жыл бұрын
Nice lecture after long time, it is like a University lecture.
@ssambadenis9401 2 жыл бұрын
straight on point.. Thanks
@digbyte 10 жыл бұрын
I think about risk differently. Risk = a dangerous or harmful scenario. i.e. driving the highway with your eyes closed is dangerous (Risky). Risk isn't the likelihood of loss. Risk Assessment is estimating the likelihood of loss… i.e. assessing X scenario occurring over Y scenario and providing rationale and recommendations to minimise the danger / harm or stop X from happening.
@googo34 6 жыл бұрын
And yet again I search for some random string on youtube and.... when I see Eli, I watch his video(s)!
@bigweirdo9947 9 жыл бұрын
"...to...to...to... the ghetoooooo" LOL I love nerds.
@DaBBoSaH 10 жыл бұрын
wow!! You are fantastic, I already know many of these, but listening to you was such a pleasure :D .. fantastic well done
@ryanm4769 3 жыл бұрын
My left ear enjoyed this presentation lol
@mahbubislam4179 8 жыл бұрын
I really like this discussion . Now I am understand about risk. :)
@triforcelink 13 жыл бұрын
This is good information, where did you learn it all?
@sambitsarkar6987 10 жыл бұрын
U rock bro!!!!!!! THANKS TO U, learning became fun and easy.
@Accenn7 2 жыл бұрын
Hello Eli I received a request to put in place a data center ….it been several years that I am watching your videos ..I think you might be able to help putting this in place. Please let me know if you can be on board on this. Thanks.
@mekabay 11 жыл бұрын
Excellent video! Thanks. Minor error: HIPAA = Health Insurance Portability and Accountability Act. M. E. Kabay, PhD, CISSP-ISSMP / Prof Comp Info Sys / Norwich University
@irispep 5 жыл бұрын
Thank you for sharing this with us. You are awesome.
@karmakarnestein4009 11 жыл бұрын
Hi Ely! Thanks so much for all these preciuos info. Could u reccommand me the best e possibly the esiest to manage free firewall software to run on Windows seven,inted of the integrated one? I use Zone alarm right now, is pretty good but in my opinio has many suff that runs in background and it's not so simple to configure.
@elithecomputerguy 11 жыл бұрын
On vacation ;)
@maddox4747 11 жыл бұрын
Ugh... please fix so that both my ears can hear this, and not just my left.
@gopaltsg 5 жыл бұрын
It's only on left 👂
@brandonfarfan1978 5 жыл бұрын
Nice lesson. It is very informative.
@kennySg101 7 жыл бұрын
Good intro. More pragmatic approach.
@mediacoregroupph 10 жыл бұрын
event - what to do - how to do it - act - event : is this the same as Eli's explaination?
@daNeterAUsaru999 12 жыл бұрын
Hey Eli do you have any tutorials that covers continuous monitoring?
@nicholashughes8214 10 жыл бұрын
Great Presentation!
@Danieled91 4 жыл бұрын
2020, I discovered this only now.
@hiphoponeworld 13 жыл бұрын
@Svinqvai You know KZbin has this feature where you can fast forward in videos?
@makeitsimpleyo 11 жыл бұрын
Excellent teacher.
@Fineghang8768 3 жыл бұрын
very easy to understand
@kbadwi 11 жыл бұрын
good job and well done, I like it a lot.
@shingyau2 9 жыл бұрын
You are excellent!!!
@earlejones 11 жыл бұрын
Eli: Good stuff! Don't say "ek cetera" - say "et cetera."
@amberspence2307 3 жыл бұрын
Don't say "retarded".
@trivenisatyanarayana877 11 жыл бұрын
this guy looks and speaks cool! generally i am using "risks" iPhone app by hanumappa to manage all my risks
@techiegz 5 жыл бұрын
HIPAA = Health Insurance Portability & Accountability Act
@Qibilii 12 жыл бұрын
Great tutorial design!
@TheStevenWhiting 12 жыл бұрын
Not with cross shredding. But yeah, burning is better but not great for the environment.
@silentlips8871 7 жыл бұрын
good topic v informatic
@Susannnnnn 9 жыл бұрын
great stuff, thank you.
@zmorrell1562 Жыл бұрын
Is it just me or does the audio only output through the left earpiece on a headset?
@Fevah5 5 жыл бұрын
Excellent at normal speed, Phenomenal at 1.25x
@mokar0873 11 жыл бұрын
Tres bien, Merci
@igotmail9 13 жыл бұрын
Good examples
@_first_touch_ 6 жыл бұрын
My left ear liked the video!
@mm0c12951 12 жыл бұрын
thanks for the upload.
@cybersaintify 12 жыл бұрын
Awesome tutorial :)
@anshumankak 11 жыл бұрын
best tutorial....
@abubakarmtom8505 7 жыл бұрын
Thank you sir
@sam111880 11 жыл бұрын
there is no such thing as zero risk amazon servers could fail :) though risk relative to your environment I agree
@williamwellborn9200 9 жыл бұрын
Awesome
@mikethompson3635 9 жыл бұрын
Just cannot hear anything. Normally have no trouble with KZbin
@baglover917 6 жыл бұрын
I liked your video but not the part about the boss moving his desk next to the assistant then risk of info being comprimised is high. Not all assistants are the same. They are ppl and the integrity of an assistant and any other worker is based on the person and their morals so using an assistant as an example is not a good one. Otherwise, good video 👍 at least you don’t have a heavy Chinese accent like my professor who I can barely understand 😩😩
@bassambusiness8990 9 жыл бұрын
Thanks
@Adam-vo6cr 10 жыл бұрын
LOL ALL THE TIME! Who is your ISP? Who is your phone provider? Who is blah blah blah, BLAAAAANNKKKK STARES...
@mmughal 8 жыл бұрын
why one channel!
@Starius2 11 жыл бұрын
Love it
@oussamagharbi5419 5 жыл бұрын
this video made me think that i ruined my earphone again
@indrajeetmahajan4691 6 жыл бұрын
my right ear feels lonely
@digbyte 10 жыл бұрын
You mention malicious activity…your talking about the principles of information security: confidentiality, integrity, availability. Hackers look to get the information, change the information or make it unavailable.
@eligraham55 11 жыл бұрын
Great risky presentation (see what I did there?) :)
@planck10-43 4 жыл бұрын
"Linksys stuff dies .. a lot.."
@loubino18 9 жыл бұрын
can barely hear even with headphone.
@dr.wazihahmad786 9 жыл бұрын
+loubino18 change your ears or headphone
@brad4058 7 жыл бұрын
Volume is good. Your headphones sucks.
@BigJyeTV 11 жыл бұрын
I know right? People always complain about FREE stuff...smh
@heho5936 4 жыл бұрын
Cant take it the whole 57minutes with just the left ear.
@Svinqvai 13 жыл бұрын
too long.....he can make a long story shorter can't wait an hour to see if he will tell the thing I'm interested in
@arturpojo 6 жыл бұрын
please .. both ears!! :((
@KennethHawkinsMyBos 7 жыл бұрын
$$$
@ljiljanaprimorac1740 8 жыл бұрын
yyy
@faheemahsan672 5 жыл бұрын
Linksys stuff dies haha.
@Shermanre1 4 жыл бұрын
That's not what HIPAA stands for...lol!
@horizon2814 3 жыл бұрын
dog water my guy
@victorqwilleran3331 7 жыл бұрын
I love your videos but I hate how you say et cetera.... It's two words and the first one is pronounced eht not ehk.
@dicktongtong 11 жыл бұрын
Very good and thanks! I will see more from Eli.
@ChecksSuperstore 11 жыл бұрын
Great presentation!
حرف إبداعية للمنزل في 5 دقائق
Рет қаралды 70 МЛН
I migliori trucchetti di Fabiosa
Рет қаралды 12 МЛН
Stanford Graduate School of Business
Рет қаралды 41 МЛН