2.5 SRA Tool Lab Part 4

2 hours 7 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in the last video, we went ahead and finished entering in our information about our asset. So again, we just went ahead and entered one asset for our fake organization. Obviously, you want to add all your assets in across the organization and enter that information in. We also went ahead and entered in a vendor. Again, most organizations will have a lot of assets and a lot of vendors or business associates. And so it may be more practical for you to download the template they offer for all your vendors or your business associates or your assets, and just upload that automatically so you don't have to basically do the one-at-a-time method of entering everything in manually.
In this video, we're gonna go ahead and start going through our assessment questions. Now again, there's seven sections here, and so I'm not gonna actually walk through every single section, but basically the structure of most sections is the same, where you just enter a bunch of different questions related to your organization. It's Eunice and answer those based off your organization or, for our purposes in this course, it really doesn't matter too much.
As I mentioned, I'm gonna kind of start you off, and then I'm gonna pause the video on my end. I'll go through all the questions on my side, and then I'll meet back up with everyone in section seven of the assessment tool, and then we'll take a look at the actual summary and the report that it generates for us.
All right. You should still be inside of the tool. You should still be on the assessment page from the last video that we did. If you closed the tool for some reason, just open it back up and continue on with the, uh, SRA assessment that you're doing. And it should take you right back to this spot.
So step number two here. If you have not already, click next. You'll again just be on the assessment page here. You should be good to go. Now what you're gonna notice once you come to this page here, it's gonna give you some basic information about the assessment itself.
And if you want to read through that, you can. Again, it's a pretty straightforward process. But I'm just gonna go ahead and scroll to the bottom here where the next button is.
And that'll actually let me get started answering the questions. So once you've read through all that, if you want to, just go ahead and scroll to the bottom and click next, and then you should be good to go.
All right. Now it's gonna ask us, again, a series of questions here. Uh, I'm gonna go ahead and select "I don't know". So here in step three, just either select "I don't know" or, again, choose whatever option you want. So I'm just gonna choose "I don't know" here and select next to this question. And then at this question here, I'm just going to select the top option here. That, hey, yes, we do review our practices, security policies and procedures and compare to current regulations, so good for us, right? But if you don't actually know that, if you're filling this out for real and you don't know any of this, just be honest, say "I don't know".
And what that does, you know, if you answer these questions honestly and openly, it's gonna generate the summary and give you suggestions on things that you need to work on. So it's very, very important that you, you know, when you're doing this for real, that you answer it appropriately.
So just answer that question there and say next for our example in this lab.
All right, so the next thing we're going to do: on this one, you'll see many options here. I want to select some different vulnerabilities or, you know, as they call vulnerabilities. The verbiage is a little weird there for your cybersecurity professional, but they technically are vulnerabilities in some capacity, so inadequate asset tracking and failure to remediate known risk.
So I'm just gonna select those check boxes there. That's those top two there.
Excuse me, uh, not that one there, but that inadequate asset tracking, this one I wanted, the fourth one down there. And once we've selected those, just click next. Again, if you want to choose them all or just one, that's perfectly fine.
Then just click the next button once you're done.
Let's go back to our lab document here.
Now it's gonna take a second or so. Now we're at the likelihood page here on step six. And so we want to go ahead, for all the likelihoods we want to select high for those, and then we're just gonna select medium for all of the impact. So just keep things pretty simple here. We're just gonna select high for all these ones under the likelihood column and then medium for all these ones under the impact column.
So we're just gonna go through and do that. I'm just gonna go ahead and click these pretty quickly. Again, you can read through those and take a look at those. And as always, you could just modify this as you want. Or if you're doing this for real on your organization, obviously take the time to read through stuff.
If we scroll down here, you'll see we have even more items to fill out before we can move on to the next page. So same thing here. Just, uh, high for all the likelihoods, at least on my end, and then medium for all the impacts.
All right, so once we've done that, just go ahead and click on the next button.
It's gonna take us to the next screen there.
All right, so at the next screen here, we're here at, ah, step number 10.
It's gonna show us the areas of improvement here, so areas of success and areas of review. You notice we have 0% areas of success. So obviously, we weren't able to acknowledge that we've completed an SRA before. And basically, we're not necessarily ensuring that we're actually meeting HIPAA security regulations. Which both of those are bad things, by the way.
Uh, so we're not assuring any of that stuff. So that's why it's showing red, like you've got basically a lot of room for improvement in your company, if this is like a legit thing, right?
We can also add information in there as well, and you'll notice an upload documents option there. So let's just click the next button here.
And you're gonna notice that we've got, um, now we've got additional questions here, so I'm gonna go ahead and answer no to this one here. So basically, the question is, do you maintain documentation of policies and procedures regarding risk assessment, risk management, and information security activities. So I'm just basically saying, hey, I'm a terrible organization, right? I don't maintain any of that stuff.
I'm not saying that you're a terrible company if you don't, but you should be doing this if you're in compliance. So, uh, I'm just going to choose that one. Again, you could read through and choose the one that's most applicable to you or your organization. We're just gonna select the next button there once we've made a choice.
And you'll see that we've got additional options here as well. So I'm just going to keep things simple in this example here. Basically, what I'm going to do is kind of walk you through all the way through section two here, as I mentioned, and then I'll pause the video, and I'll get down to section seven on my end, and then we're just gonna take a look at the report that it actually generates. So you're gonna notice I'm just choosing some random stuff here, so I'm just gonna choose this top one here.
At this screen, you can choose whatever you want to. Just say next here. I think here I'm going to follow the same pattern. So I'm gonna choose high for all my likelihoods and then medium for all the actual impacts, so high for my likelihoods here and then medium for my impact, similar as I had done before. And then just say next.
All right. Now you'll see it gives us that summary again, right? It gives us those areas that you need to review or areas of success. Again, I got a 0% because I'm not maintaining documentation.
All right, I'm gonna pause the video briefly and fast forward to section seven, where I'll show you what the reporting looks like.
All right. So, through the magic of fast forward, we're here at section seven. Now, I bet you wish I could fast forward your work day. Unfortunately, I can't do that, but I can definitely fast forward so we can take a look at section seven and finish out the rest of this lab. So once you finish up to six and seven, and if you haven't, by the way, go ahead. Just pause the video and finish everything out. Take your time.
There's no rush at all.
Obviously, as I mentioned before, I didn't want to keep you on a lab video for, like, you know, a couple of hours. It didn't make any sense at all. But feel free to pause the video at any time and just go through this on your own.
So once we're here and section seven is complete, just click on the next button there. It's gonna give us a summary, so you'll see kind of areas for review as well as different vulnerabilities.
And if we scroll down here, we could see some generalized summary information based off section, of are we good, are we not good. If we click the next button here, we're gonna be able to take a look at our risk report.
And so down here at step 25, that's where we're at right now. And then we're just gonna take a look at the detail report as well. Uh, next.
Now you'll notice here a couple of things. It's gonna give us some options to basically understand, like, what we're looking at here. But for most people, we can figure out, like, okay, you know, is this risk, you know, a critical, a high, et cetera, et cetera.
Now, once we click the next button here, we're gonna take a look at the detail report, and basically you can download this report. Click next here.
You'll see that we can see the detailed report page, and then you notice that there's a small little PDF icon here at the top right. Now, it's kind of difficult to see at first, but that's where it's at, and that will allow you to download a PDF version of this particular report.
Now, as I mentioned, in the resources section of the course, I have a sample report that I again just randomly filled out information on.
So feel free to download that and take a look at it and then, of course, download whatever you've been working on as well.
Now what it will do with the detail report is you can actually click on a particular section, and it's gonna break out all the information for you on, is it critical, et cetera. It's also gonna track the user name as well as the date and time. So just FYI on that as well.
So again, you can really feel free to review that and just take a look at it, but we could just download that report as a PDF file. We should be good to go.
So in this video, we went ahead and wrapped up our lab. So we went ahead and entered in, basically answered, all the questions in our assessment. And with, again, seven phases of that assessment, we were able to successfully complete them. And then we went ahead and took a look at the report.
We were able to see the risk level on everything of our organization as well as suggestions on how we can. So in the next video, we're gonna go ahead and just wrap up the course, so we'll talk about things like the assessment itself for this course as well as some generalized information on next steps for you.