telecomvideos.com
Welcome
Login / Register

Practical Risk Assessment And Mitigation

Your video will begin in 5

Thanks! Share it with your friends!

URL

You disliked this video. Thanks for the feedback!

Sorry, only registred users can create playlists.
URL
Added by Eli the computer guy in Z-Technology Questions and Answers
295 Views

Description

Info

Level: Beginner
Presenter: Eli the Computer Guy
Date Created: October 13, 2010
Length of Class: 69 Minutes
Tracks

Computer Security /Integrity
Prerequisites

Introduction to Risk Assessment
Purpose of Class

This class teaches students how to conduct a Risk Assessment
Topics Covered

The Risk Assessment Process
What to Look for in a Risk Assessment
Class Notes

Introduction
Security is just good technology
Risk is a business decision
Assessment Process
Overview
Determine Vulnreabilities
Determine Threats
Determine Assets
Determine Buiness Justifications
Interview the Owner/ CEO
What's your business?
What do you do?
How computer dependant are you?
How comfortabale with technology are you?
How many employees?
How many employees with computers?
What problems are you currently having?
What are your concerns?
Do You have legal requirements for data?
How are your systems currently being used?
Do you own/ can you make changes to the building?
Do you have maintenance contracts with other IT companies.
Current Operational Security Procedures
Known Threats -- Natural/ Employees/ Outsiders
What is your Risk tolerance
What's you IT Budget?
Observer infrastructure
Quality of cabling?
Quality/ age of equipment
Physical Appearance of equipment?
Pointless equipment?
Physical Security
Talk with Employees
What problems are you having?
Is there something that can make your life better?
Documentation Analysis
Who/ What When/ Where /Why?
Is the software accessible
Systems Analysis
Sit down at the computers/ equipment and determine their current state
Not enough RAM can cause as much economic loss as a virus!
Create a Plan and Brief Client
Create a plan spelling out vulnerabilities, threats, assets
Plan should have as few options as possible
Plan should have steps -- first infrastructure, then computers, then policies
Focus on business reasons
Determine feasibility and Get buy in
Mitigation Process
As you work the plan continue to assess systems and situation
Is the planned solution still the best solution?

Show more

Post your comment

Comments

Be the first to comment
RSS