Cybrary Pro Day is here!

Understanding Risk Assessment Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

35 hours 10 minutes
Video Transcription
Hello and welcome to Sigh Berries Cop Tia Certified Van Secreted Practice Ners certification. Preparation course.
This is Marge. Number one. We can continue on in terms of discussion of Murder One, which is titled Risk Management. Here, get objectives which encompasses this particular module.
What we're gonna do at this point time, it's continue to focus attention upon the discussion of understanding. Risk assessment, in other words, is a continuation from the previous video.
This is Section three Understanding Risk assessment continuation
Here it objectives which encompasses this particular section here.
This brings us to the steps of risk assessment.
The first thing as we look at risk, is to it. What identified that risk? So it's the process of terminal risk or the worst of Taliban certainties, that competitive event, the program, the enterprise investment from achieving its objective.
When you look at risk analysis, on the other hand, it is in fact, the process where you identify analyze potential issues that could negatively impact your keeping its initiative or critical projects in order to help your organization off four or mitigate those words we didn't say
eliminate, mitigate, mitigate something they used to minimize the impact
this brings us now to risk impact assessment in privatization
Risk impact assessment is a process assessing the probability and the consequences of Rhys event if they're realized. The results of the risk assess are then used to privatize Rhys Do Step's a most least critical importers drinking
in terms of importance of this assessment, doing a risk assessment, you prioritize importance of data and the level risk you're willing to assume. It's important to know which data must be protected to me, hip or other type of regulations. So, in essence, it's part of the overall risk mental process.
You have to evaluate the controls.
Supports decision making as words can help the organization remain in compliance.
Let's not turn out to Georgia. Discussion off Gap Analysis A Gap analysis is fine *** the examination of a process or system to determine the difference between its existence state
in the desert future state. This helps a future certified advanced crew to practice no better understanding current state how it's different from a desire future state and further detail The gap in eyes will reveal what characterises of the current state can't remain.
What should be discarded.
What should be replaced and what should be at it.
In short, the purpose of a gap in eyes this identified gaps between your current management system
also stabs a list of actions to achieve conformance with the standard.
In fact,
the Gap analysis is a four step process. Step number one You did if I What is a current state
step? Number two identified the desire state other words where you want to be at in terms off overall security perspective. You also identify the gaps in your organization, and you wanna device highly partner means by which to improve. Other words to close those gaps.
Now when you're going through the prices of conduct your Gap Analysis one way to gather information storage facility walk do you can also document a review?
Also involves Stafford. US. Was dinner identify and document those gaps as well.
So when should a recess to be conducted? Proud of the work that initiate the wrist? Other words. The Taliban 30 you interviewed Assessment as necessary. Your security sensors should be a continuous activity. A comprehensive enterprise security risk assessment should be conduct at least once every two years to explore the risk.
The social, your organization information systems.
So once it was, said the review, anytime you have any new equipment, new sevens and new procedures
and your other words, if you have any new prices you want, what conduct what we call that risk assessment.
And so why is a rich, successful, important you wanna protect your assets? Reassessment of very important as they form an intricate part of aqap of yours or all security perspective, The again decreed awareness as well.
Another reason to protect your assets, your assets and your heart went assets. Your software asset. Personal assets. Your most valuable asset is your personnel, but at the same time they pose the greatest risk to your organization. You also want to protect your data. Is was your information s as well. One of the reasons for doing this. What
to avoid downtown
downtown creates potential loss. Standing scared is critical, obviously, to production. It also enhances still customer relationship, and also we have what we call annualized and single loss expectancy. So the first thing we'll take a look. It's called annualized loss expectancy is a product of an annual rate of occurrence
and a senior loss expectancy.
It's mathematically expresses, suppose For example, you had an asset as valued at 100,000 and expose the fact that for the asset is 25% the N'Diaye's law suspected is expected monetary loss that could be expected. Foreign asset due to arrest over one Your period is the finance. You look at your a l E
equal. You're single or suspect Lee
times your annual rate of other words of occurrence. Your sing along suspect is a single loss expectancy, and you're a R O. Is the annualized rate of occurrence, an important feature of the annualized expected that it can be used directly in a cost benefit type analysis. If a threat or risk
hasn't give what we call an annualized lows the space of $5000
they may be worth spending $10,000 per year on the security. Imagine that, which would eliminate it.
One thing I remember when you realize the annual expected value is that when the annualized rate of occurrence
is the order off one year, one loss per year, there could be considerable variance in the actual loss. For example, suppose you and your rate of occurrence
is 0.0 point five and you're single suspect is 10,000
in this case, your annualized expenses, then 5000 figure, which we may be comfortable with using again The Poseidon disabuse it. We can calculate the probability a specific number of losses occurring in a given year
and the next chart. Here we have an annualized loss expectancy
We can see from this particular table, Mr Here, that they're probably of a loss off $20,000 is 0.758 and that the probability lost being 30,000 on more is approximately 0.1444
Dependent on your tolerance. Arrest opposite every. Always have a different level of tolerance. Other words. Risk, appetite
and your this ability to withstand high ve lost value losses we may consider there's a treated measure which caused 10,000 per year to implement is worthwhile. Why? Even though it more than expected loss due to that particular threat,
we have a single loss Expectancy,
basically, is a monetary value specter from the currents of arrest. Other words of tolerance. 30 on an asset is related to the risk mansion and risk assessment
single suspect. It is a mathematical express when their disposal factor is represented in the impact on the rest over the asset or the percentage off the asset laws.
You're single suspect, see is expected monetary laws Every time a wrists occurs, the single all suspects or asset value and exposure factor are related by the formula. Singalong suspect Lee
equals You're what we call your asset value time. What we call your sposa factor in inducing Mexican sexual breakdown off the single loss expectancy into asset value of exposing factors allows us to adjust to terms independently.
Asset values made value with inflation. It also involved market changes. It's so four, while introducing preventive measures may enable us to reduce an exposure factor.
At this point time, we have our post assessment question, and that question is as follows.
What will be considered the best practice? One performance. Your risk assessment is a start with clear goals and to find support,
be formally formal issues by Ailey and your loss expectancy
or scales. Use again to define your single law suspect sea or in your loss expectancy or D acceptable levels or rest.
If you said that a you absolutely correct, you want to start with clear goes
and to find support
doing this vertical presentation, we discussed the importance of conducting this assessment.
We discussed the definition in terms of what a metric is. We also learn what we do to magic to get the metrics discuss key indicators. Benchmark Birches, Baselines Analyzing security solutions,
quality versus quantity Risk assessment. Taciturn liberals need it for your risk assessment. We discussed the best practices for performing yours assessment and last night's abuse, which discuss annualized loss expectancy and single loss expectancy.
And our upcoming presentation will be taking a look at Section number four, which is titled Risk Management.
I look forward to see you in a very next video.
Up Next