Risk Monitoring

Video Transcription
00:00
>> Hi everybody. Let's go
00:00
ahead and pick up with risk monitoring.
00:00
Risk monitoring is all about the
00:00
fact that no matter how
00:00
much you put into planning, risks still materialize.
00:00
We're going to need to continue to evaluate
00:00
and watch for risk in a number of ways.
00:00
The first way is to look for KRIs.
00:00
Key risk indicators.
00:00
These are also known as triggers.
00:00
Triggers indicate that a risk event
00:00
is likely to materialize.
00:00
For example, if I am concerned about a denial of
00:00
service attack and I put
00:00
my mitigation strategies in place,
00:00
I'll also monitor the network.
00:00
If I see network traffic escalating and
00:00
network utilization is at 70 percent and going up,
00:00
then I'll see that as a key risk indicator.
00:00
It tells me that regardless
00:00
of what I've done for mitigation,
00:00
there's still something going on.
00:00
For this type of scenario,
00:00
I would plan to monitor the network
00:00
and establish that if
00:00
network utilization exceeds 50 percent
00:00
for more than five minutes consecutively,
00:00
then that is something I want to be alerted to.
00:00
That's what a key risk indicator is.
00:00
It's an alarm or an early warning system.
00:00
KRIs need to be determined early.
00:00
These are things you would add in your risk register.
00:00
You would add what you are looking for as
00:00
an indicator of the risk you are documenting.
00:00
You want to be as proactive as you
00:00
can and be preventative.
00:00
But you also want an alarm that will tell you when
00:00
your risk is going to materialize anyway.
00:00
Other things you can do to monitor for
00:00
risk are to review your logs.
00:00
You want to do it proactively.
00:00
Often you only look at your logs after an event.
00:00
But we find that if we've been
00:00
looking at our logs ahead of time,
00:00
we could have seen signs that something was
00:00
happening before the actual event.
00:00
So log review is important.
00:00
Also, we can use intrusion detection and
00:00
protection systems, IDPS.
00:00
You should monitor them and be wary of false positives,
00:00
but also false negatives.
00:00
We want to make sure our intrusion
00:00
detection systems are tuned properly.
00:00
We'll talk more about those later.
00:00
Another way to monitor for risk is
00:00
to use honeypots and honeynets.
00:00
These are devices that are decoys.
00:00
They're set aside to look like a vulnerable system,
00:00
but instead they contain
00:00
detective software that monitors what an attacker does.
00:00
Their purpose is distraction,
00:00
but also detection of an attack.
00:00
Finally, you want to keep in
00:00
good communication with your incident response team.
00:00
Monitor what they are seeing and use
00:00
that as an indicator of a risk that might occur.