5.23 Risk Monitoring

Video Transcription
All right, monitoring risks. So risks are ongoing.
You know, we solve one problem, another one pops up. I often feel like risk management's kind of like that game Whac-A-Mole. If you've played it at a carnival, you hit one mole, another one pops up somewhere else. And your job seems to be violent now that I'm describing it. And I'm just imagining someone who hasn't played Whac-A-Mole and I'm discussing with them the benefits of hitting a mole on the head with a hammer. I will say this is a mechanized game.
No moles were injured in the production of Whac-A-Mole. So anyway, monitoring risks, because they're ongoing. The threat landscapes change. New threats emerge all the time. Controls become outdated or obsolete, or they're found faulty, or they don't deliver the degree of protection they once did.
So I monitor risks.
Um, you know, if we even go way back to that risk register, there's a field on the risk register for risk response, and then an entry as we're monitoring risk: what's the risk status?
Are our controls working as effectively as we had planned? Are they meeting their objectives? Well, there are a couple of terms that we can use to determine if our risks are meeting their objectives. And we think of KPIs, KRIs and KGIs. All right, the KPI. That's a key performance indicator.
And the idea is we have performance-related goals, right? I look for 99.9997% uptime. Okay, that's my performance indicator. Or that's my goal. Okay, so a key goal indicator at the end of the year would be: did I meet my goal or not? KGI is after the fact.
Okay, you either meet your goal or you don't. And if you don't, it's too late, right? So before I fail to meet the goal, I want an indication: am I meeting that goal? So I might set up a quarterly KGI and say, okay, at the end of this quarter, am I at 99.9997%?
And if I'm not, I need to make some adjustments.
So my performance indicator is a measuring stick up against my goals. If you're not hitting your performance indicators, you're likely not gonna meet your goals.
Okay? Why wouldn't I be on track for performance? Because risks have materialized, either risks you didn't identify or risks you didn't properly mitigate. Or there's a slew of reasons that risk management may not have worked as planned. So for those risks that are most likely to impact my objectives, I want an alert that this risk is about to materialize.
Right. So, you know, one of the things that can really impact uptime is, um, denial-of-service attacks.
So if I can get an indication that it looks like a denial-of-service attack is beginning, then I can correct that before it impacts my performance. And if I meet my performance goals or my performance objectives, I'll meet my goals. So they all kind of play together. So a key risk indicator might be processor utilization over 60% for a sustained period of time of five minutes or greater on a server.
Right. So if that happens, you know, and maybe 60% may be too high to set it for five minutes' time. But you get the gist of what I'm saying. I'm monitoring because if I get an indication that a risk is about to materialize, I can proactively move to counter that risk, and hopefully I don't take a hit in performance
and I'll still meet my goals. Right. So that's what monitoring is all about, ensuring that I continue to meet the objectives that are laid out before me in relation to respond.
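
The key risk indicator described in the transcript (processor utilization over 60% sustained for five minutes or more) written as a check over telemetry samples. This is an added example, not part of the original video or transcript; the function name, the `max_gap` parameter, the 60-second sampling interval and the sample data are assumptions constructed for illustration.

```python
from typing import Iterable, List, Tuple

Sample = Tuple[int, float]  # (time in seconds, CPU utilization in percent)


def sustained_breaches(samples: Iterable[Sample], threshold: float = 60.0,
                       min_duration: int = 300,
                       max_gap: int = 90) -> List[Tuple[int, int]]:
    """Return (start, end) intervals where utilization stayed over `threshold`
    for at least `min_duration` seconds. Samples must be time-ordered.

    A gap longer than `max_gap` seconds between samples ends the current run:
    missing telemetry is not counted as evidence of sustained load (assumption).
    """
    breaches: List[Tuple[int, int]] = []
    start = prev = None
    for ts, cpu in samples:
        gap_broken = prev is not None and ts - prev > max_gap
        if start is not None and (cpu <= threshold or gap_broken):
            # The run ended at the previous sample; keep it only if long enough.
            if prev - start >= min_duration:
                breaches.append((start, prev))
            start = None
        if cpu > threshold and start is None:
            start = ts
        prev = ts
    # A run still open at the end of the data is also checked.
    if start is not None and prev - start >= min_duration:
        breaches.append((start, prev))
    return breaches


# Constructed sample data, one reading per minute except for one telemetry gap.
SAMPLES: List[Sample] = [
    (0, 35.0), (60, 72.0), (120, 40.0),            # one-minute spike: no alert
    (180, 65.0), (240, 70.0), (300, 81.0),
    (360, 77.0), (420, 90.0), (480, 88.0),         # 300 s over 60%: alert
    (540, 45.0), (600, 75.0), (660, 78.0),
    (900, 80.0), (960, 82.0),                      # 240 s gap resets the run
]

if __name__ == "__main__":
    for begin, end in sustained_breaches(SAMPLES):
        print(f"KRI breached: CPU over 60% from t={begin}s to t={end}s")
```
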