2.4 SRA Tool Lab Part 3

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

2 hours 7 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in the last video, we went ahead and open up RS are a tool, and we also went through and started listing out. We listened at the practice information that we started listing out our assets. So again in this lab, we're just gonna go ahead and
finish out, listing out the asset as well as our vendor information. And then in the following video, we're gonna go ahead and finish our overall assessment and take a look at the output ID report.
So we left off here in our step by step lab document as selecting full disk encryption. I also showed you the disposal status options that you could choose if you had disposed of the asset.
You can also set your asset assignment and type in an acid i d. If you have that information. And you can also add a comment regarding that asset like maybe, for example, this server is in use. We market as in use, But we also might put a notation in there like a server's gonna be retired in six months or something. And just basically, the more information we want to add in this tool,
the better off we will be overall.
All right, so we're gonna move on it dot on down to step 27 years. We're gonna actually enter in information in the asset of Simon Field. So we're gonna We're just gonna put in i t. And then 123456 under I d number there. So this, I t. And 123456 again, you can enter in anything that she wanted these fields just to play around with it.
You could also add in a comment, you know,
like the students in this course
are super cool, Right? So that's you. All right,
So the next step here is just clicking on that ad button down at the bottom, right?
And then we're gonna move into step 29 where we're basically going to see that asset listed under our total assets section. So, basically, once we click, add it just drops it. India in the background here, Texas second, as you could see there, but it will eventually drop it in their force.
All right, so the next thing we're going to do is basically click the next button
and they'll take us into the next screen there.
So just click on the next button right there that's gonna actually take us into our vendor area.
Now, here we could do several things similar to the assets. So if we have a whole listing of vendors, which most organizations do, we could just take that template and throw all those in here in one shot. Basically, just upload those for our purposes. For our vendors were business associates. We're gonna go ahead, just click the add vendor button
to do it manually with just one at a time.
And we're only gonna add one, by the way, so you don't worry about adding a whole bunch of information in here.
All right? Once we do that, it's gonna go ahead and open up the papa box for us there.
So we're gonna go ahead and here and step 33 we're gonna go ahead and enter in sample vendor for the vendor names. Let's go and do that.
And again, if you really want to, you can add in whatever information he wants. If you want to use your real life vendor information, you could certainly do so.
All right
under these service type provided
under step 34. Here, we're gonna put rain somewhere. Obviously, we hope our vendors are not. Our vendors were business associates are not providing us ransom where we do not want that from them. But this was just a fun thing to throw in there and applicable to kind of what we've talked about in this course already regarding different cyber attacks, that fishing ransomware and distributed denial of service attacks.
All right, so now I'm not gonna actually worry about any information for the vendor contact information.
So basically here, I'm not gonna fill this out. You're welcome to fill out anything. You want it there. It's not a requirement, at least on my end. So I'm just gonna leave that alone for now. You can also fill all this out and at a secondary contact. If you wanted to again, I'm gonna skip those components of it on my example here.
And then what we're going to do is just go ahead and select yes to each of these little checkbox questions here instead, 37
and they just select the ad button at the bottom. So we're just going to say yes to both of those who just click in the box here. That'll mark them as a yes and just click on the ad. But in there. But once you notice is that our vendor now shows in the background there in our little column.
All right, so the next thing we're going to do is go to the documentation area and we're just gonna take a look at that real quick, and then we move into our last part of our lab.
So you click next year, that's gonna take us into the documents area. And so here you can add any type of additional documentation you want. So if you made minute mention to certain things, you can add a reference. If you've got maybe an incident response plan, it might be good to upload that it here is kind of example. And what you could do with the report that you're out putting on this,
This is just another another tool, essentially number one for you and your organization,
but also if, like, uh, regulatory bodies come through, this is a good way to have information just kind of easily digestible for them.
So just keep that in mind as well. Again, not legal advice. I I like to throw that disclaimer in here since we're kind of covering a ah law here. I mean, this course while we are covering the law here in this course, but I just want to mention that this is not legal advice in any capacity. These are all my personal opinion IDs.
All right, So if you want to add documents, that's the place to do it. What we're going to do in the next video, just click on what we're gonna do here. We're just gonna click on next, and then that's gonna take us into the actual assessment area of the tool. And what you're going to notice is we've got several areas that we need a complete of the assessment. We have seven sections.
What I will do is I'm going to you kind of walking through a section one section to what you're gonna notice is that all of them are pretty much the same. Overall,
they ask different questions, of course, but the structure is the same. And so what I'll do eventually, it's all say, Hey, I'm not going to keep filming this part of it. I'm just gonna pause it and I'll pick things back up in section seven so we could go ahead and actually take a look at our summary and generate our report, mostly because it is gonna take a while to answer all those questions and answer them effectively.
And I don't wanna have you on a video for, like, 45 minutes or an hour, too,
just so you could watch me fill out questions. That's not too exciting. But we won't take a look and kind of guide you through a couple of random answers that will be doing, uh And again, if you want to just do this on your own. If you just want to fill out this and compare it to your organization and actually answer these questions, by all means, feel free to pause the video and go ahead and do that.
The overarching goal here is to meet up with me again. If you if you do it that way,
just meet up with me again in section seven before you actually take a look at the summary. So that way we could take a look at everything together.
All right, So again, in this video we just covered, we wrapped up entering an information about our vendors as well as about our assets. And as I mentioned already in the next video, we're gonna be taking a look at the assessment questions themselves.
Up Next