Everyman IT

Free Computer Training from Eli the Computer Guy

Introduction to Risk Assessment

Info

Level: Beginner
Presenter: Eli the Computer Guy
Date Created: October 12, 2010
Length of Class: 57 Minutes

Tracks

Computer Security /Integrity

Prerequisites

None

Purpose of Class

This class teaches students the basic concepts behind Risk Assessments.

Topics Covered

Defining Risk, Threat and Vulnerability
Types of Protections
Mitigation Concepts
Business Rational for Risk Assessment and Management

Class Notes

Introduction
1. The better you know technology the better you will do with Risk Assessment/ Management.

Risk

Risk = Treat x Vulnerability
Overview of Risk
1. Risk is defined as the likelihood of financial loss.
2. Risk is a business concepts not a technological one.
1. Down Time
2. Fraud
3. Legal data loss issues
4. Hacking – Attacks from your network
5. Data Theft (Trade Secrets)
Overview of Threat
1. i. Natural Disatser
2. ii. Malicious Human
3. iii. Accidental Human
4. iv. System Failure
  1. Impersonation
  2. Interception
  3. Interference
Overview of Vulnerability
1. Flooding
2. Theft of Systems
3. Hacking
4. Viruses
Overview of ProtectionsTechnoloigical Safe Guards
1. Physical/ Operational Security
2. Disaster Plan
3. Documentation
4. Technological Safeguards (Firewalls, Antivirus)
Concepts of Mitigation
1. Incident -> Response -> Debrief ->Mitigation
2. Making Bad not so bad
3. You will never be safe
Security Buy In and Quantifying Risk
1. The business leaders will make the final decision on Risk Management
2. The better your BUSINESS argument the more likely you are to get the go ahead.
3. What is the cost of downtime
4. What is the legal cost
5. Cost of Security vs. Benefit
Final Thoughts
1. Risk is a BUSINESS concept! The more you understand about business and can talk about financial ramifications the more likely you are to get you fancy new security equipment.

Resources

US Computer Emergency Readiness Team

Leave a Reply Cancel reply