Time
3 hours 47 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

This lesson focuses on risk mitigation and stresses risk mitigation strategies including change management, incident management, audit and other actions. We discuss the impact of data loss and theft, how it occurs, and what strategies security professionals can employ to minimize both its occurrence and its adverse effects.

Transcript

This has to do with: given a scenario, implement appropriate risk mitigation strategies. The first item we look at is change management. In the world of IT we must do proper change management to ensure that all changes carried out in the IT or enterprise are properly reviewed. We have to know: Who is asking for this change? We will review the change. What is the impact of this change on the infrastructure? What is the impact of this change on the enterprise collectively? Does this change or do these changes introduce new vulnerabilities? Do they deviate from the best practices and standards or the policies that are in place? Without proper change management, anybody, everybody can just decide to make changes, and these could introduce fraud or bring down the network. Organizations should ensure that changes go through proper review, so that we know: Do we have to pay for these modifications? Is it a one-time payment? Is it a recurring payment? Can the organization afford this change? All departments have to be reviewed to see the impact of the changes collectively for the organization.

The next item we look at is incident management. Incidents must be properly identified and managed; otherwise small issues could build up over time and become big issues. If incidents are not properly managed, they could get swept under the carpet. Incidents have to be carefully managed. We have to have best practice management strategies. These can mitigate incidents as they occur. As incidents start to occur and they are properly identified, we can mitigate the severity of the damage caused by these risks.

We also should do user rights and permissions reviews. Periodically, we assign new permissions to users and sometimes we forget to remove these permissions. We should do user rights and permissions reviews to ensure that our users do not build up excessive permissions over time. The principle of least privilege dictates that our users should have the exact permissions they need to do their work. No more, no less. As you would find, some organizations would assign permissions to people or users within the enterprise and over some time forget to withdraw these permissions. If we perform user rights and permissions reviews, we get to review the rights users should have. Is this sufficient? Have they exceeded their assignments? Then those permissions have to be reviewed and removed.

We should also perform routine audits. Routine audits for our infrastructure. Routine audits for the users. Routine audits for all the controls within the network, because with time some controls might fail. Some controls might be weakened over time or compromised. If you were to ask your users, for example, What sort of time or how do they conform to the policies? They will repeat what is in the policy for you word for word. They know what's in the policy, but are they carrying out what is in the policy? By performing routine audits we could detect. This is a detective control. We can do routine audits on our infrastructure. Are the controls working as they should? We captured the logs. We captured the reports and see if the controls are working as they should. If not, then reports could be written for remediation. These controls can be put right as they should work.

We need to enforce policies to prevent data loss or theft. Management policies might dictate that there should be no data loss or theft. This can be done using software. Software solutions that would find sensitive information. They prevent sensitive information from being stolen, such that, if users attempt to copy, move, send information that should not be moved from the storage system, if the system detects suspicious activities, the system will prevent user interaction with the data such that the data cannot be stolen. In doing data loss prevention, software is used to prevent data from being stolen. We could also implement technical solutions. Maybe we could disable USB. We could disable copying of data. We could disable sending of data from a media. By disabling the USB you are able to enforce the policies that also prevent data loss or theft. You could disable USB drives, USB ports in the BIOS. If disabled, the usage of USB devices cannot work. That enforces the policy to prevent data loss and data theft.

Video Transcription

00:04
This has to do with: given a scenario, implement appropriate risk mitigation strategies.
00:10
The first item we'll look at is change management.
00:14
In the world of IT, we must do proper change management to ensure that
00:19
all changes carried out in the IT or enterprise are properly reviewed. We have to know who is asking for this change.
00:28
We review the change. What is the impact of this change on the infrastructure? What is the impact of this change on the enterprise collectively?
00:36
Does this change, or do these changes, introduce new vulnerabilities? Do they deviate from the best practices and standards or the policies that are in place? Without proper change management,
00:49
anybody, everybody can just decide to make changes, and this could introduce fraud or bring down the network.
00:57
Organizations should ensure that changes go through proper review
01:02
so that we know: Do we have to pay for these modifications? Is it a one-time payment? Is it a recurring payment? Can the organization afford this change? All departments have to be reviewed to see the impact of the changes collectively for the organization.
01:19
The next item we'll look at is incident management.
01:22
Incidents must be properly identified and managed. Otherwise, small issues could build up over time and become big issues. If incidents are not properly managed,
01:36
they could get swept under the carpet.
01:38
So incidents have to be carefully managed. We have to have best practice management strategies. These can mitigate incidents as they occur.
01:46
So as incidents start to occur and they're properly identified, we can mitigate the severity of the damage caused by these risks.
01:55
We also should do user rights and permissions reviews. Periodically, we assign new permissions to users, and over time, sometimes we forget to remove these permissions.
02:06
So we should do user rights and permissions reviews to ensure that our users do not build up excessive permissions over time.
02:15
The principle of least privilege dictates that our users should only have the exact permissions they need to do their work. No more, no less. But as you would find, some organizations would assign permissions to people or users within the enterprise and over some time forget to withdraw these permissions. So if we perform
02:35
user rights and permissions reviews, we get to review
02:38
the rights users should have. Is this sufficient? Or have they exceeded their assignments? Then those permissions have to be reviewed and removed.
02:49
We should also perform routine audits: routine audits for our infrastructure, routine audits for the users, routine audits for all the controls within the network, because with time some controls might fail; some controls might be weakened over time or compromised.
03:08
Um,
03:09
if you were to ask your users, for example, what sort of time, or
03:15
how do they conform to the policies? They will repeat what is in the policy for you word for word.
03:21
They know what's in the policy, but are they carrying out what's in the policy? By performing routine audits we could detect. So this is a detective control.
03:31
We can do routine audits on our infrastructure.
03:35
Are the controls working as they should?
03:38
We captured the logs. We captured the reports and see if the controls are working as they should. If not, then reports could be written for remediation, so these controls can be put right as they should work.
03:52
We need to enforce policies to prevent data loss or theft.
03:57
Management policies might dictate that there should be no data loss or theft. So this can be done using software: software solutions that would find sensitive information and prevent sensitive information from being stolen,
04:09
so that if users attempt to copy, move,
04:15
send information that should not be moved from the storage system, if the system detects suspicious activities, the system will prevent user interaction with the data so that the data cannot be stolen.
04:30
In doing data loss prevention,
04:33
software is used
04:35
to prevent data from being stolen.
04:39
Um,
04:40
we could also
04:43
implement technical solutions. Maybe we could disable USB. We could disable copying of data. We could disable sending of data from a media. By disabling the USB, you are able to enforce the policies that also prevent data loss or theft. You could disable USB drives,
05:01
USB ports in the BIOS.
05:03
If disabled, the usage of USB devices
05:08
cannot work. That enforces
05:11
the policy to prevent data loss and data theft.

Instructed By

Kelly Handerhan
Senior Instructor