What is Risk?

00:02

This is risk management and information technology.

00:05

In this lesson, we will be talking about risk

00:09

will be defining risk as a business term.

00:12

We'll talk about different risk scenarios then we will define risk in terms of cybersecurity.

00:18

Mhm.

00:19

So what is risk

00:22

Merriam Webster defines risk as a possibility of loss or injury

00:28

In business terms, risk is the chance of loss of assets that can be disruptive to the business

00:33

assets include hardware or the server your application runs on software

00:39

or the people that manage these resources.

00:42

Cybersecurity terms, risk refers to potential loss or damage when a threat exploits a vulnerability

00:49

to put it in another way

00:53

as an equation, risk is equal to the number of threats times the number of vulnerabilities.

00:59

Therefore, if you reduce the number of threats or vulnerabilities, this will lower risk.

01:04

Mm hmm.

01:06

In tangible terms,

01:07

risk is losing the internet,

01:10

unable to access the email,

01:12

lots of devices

01:15

or perhaps the data stores being inaccessible.

01:19

So with that let's talk about scenarios. For example, email.

01:23

If you lose your email, you lose important data such as contracts, legal agreements or your access to your customers.

01:30

Of course the risk here is that you could lose your email server which is hosted by a vendor

01:34

for yourself inside your facility.

01:37

Or it could be caused by an outage. If it's hosted in the cloud such as office 365,

01:44

another scenario is losing the internet. So if you lose your internet connection, that means loss of business, especially if you're a website or rely on internet connectivity for your business.

01:55

And that could be caused by loss of connectivity. Let's say your modem

02:00

breaks down or your ice B has an outage.

02:05

Another scenario software

02:07

loss of functioning software could be a potential loss of business. For example, your credit card processing part of your website,

02:14

You could stop working and that could be caused by incorrect patching or data corruption.

02:21

Some companies rely on hardware,

02:23

loss of hardware function could be disrupted to their business functions and that can be caused by hardware failure or power outage. For example,

02:30

heavy machinery that

02:32

that's used for creating products or a factory.

02:37

Another risk of an organization is the loss of key personnel that can cause disruption of a business or process

02:44

people leave because there's internal issues at work or a better job offer.

02:49

Okay, let's take a quick quiz.

02:53

What is risk

02:54

a chance of loss of assets

02:58

Be the formula risk is equal to three times vulnerability.

03:01

See the likelihood that a threat will exploit the vulnerability or D. All of the above.

03:09

The answer is D All of the above.

03:13

That's right. Another one

03:15

which of the following our resources, a security guard at the front desk,

03:21

be the credit card processing software?

03:23

See internet connectivity for your business

03:27

or D. All of the above.

03:31

Yes, there is. D all of the above.

03:36

Okay. One last

03:38

which of the following does not reduce risk. A threat

03:43

be vulnerability.

03:44

See risk

03:46

D. And B.

03:50

Yeah.

03:51

Yes, it is. See

03:53

risk.

03:55

So let's summarize,

03:57

okay.

03:58

Risk is the potential of losing an asset

04:00

that can cause damage

04:02

when a threat exploits a vulnerability

04:05

and applies to resources or assets.

04:10

Examples of these assets are hardware such as tools to create products, software such as email or databases and key personnel.