Practical Risk Assessment and Mitigation

Info

  • Level: Beginner
  • Presenter: Eli the Computer Guy
  • Date Created: October 13, 2010
  • Length of Class: 69 Minutes

Tracks

Prerequisites

Purpose of Class

  • This class teaches students how to conduct a Risk Assessment

Topics Covered

  • The Risk Assessment Process
  • What to Look for in a Risk Assessment

Class Notes

  1. Introduction
    1. Security is just good technology
    2. Risk is a business decision
  2. Assessment Process
    1. Overview
      1. Determine Vulnerabilities
      2. Determine Threats
      3. Determine Assets
      4. Determine Business Justifications
    2. Interview the Owner/ CEO
      1. What’s your business?
        1. What do you do?
        2. How computer dependent are you?
        3. How comfortable with technology are you?
        4. How many employees?
        5. How many employees with computers?
        6. What problems are you currently having?
        7. What are your concerns?
        8. Do You have legal requirements for data?
        9. How are your systems currently being used?
        10. Do you own/ can you make changes to the building?
        11. Do you have maintenance contracts with other IT companies?
        12. Current Operational Security Procedures
        13. Known Threats – Natural/ Employees/ Outsiders
        14. What is your Risk tolerance?
        15. What’s your IT Budget?
    3. Observe infrastructure
      1. Quality of cabling?
      2. Quality/ age of equipment
      3. Physical Appearance of equipment?
      4. Pointless equipment?
      5. Physical Security
    4. Talk with Employees
      1. What problems are you having?
      2. Is there something that can make your life better?
    5. Documentation Analysis
      1. Who/ What/ When/ Where/ Why?
      2. Is the software accessible?
    6. Systems Analysis
      1. Sit down at the computers/ equipment and determine their current state
      2. Not enough RAM can cause as much economic loss as a virus!
    7. Create a Plan and Brief Client
      1. Create a plan spelling out vulnerabilities, threats, assets
      2. Plan should have as few options as possible
      3. Plan should have steps – first infrastructure, then computers, then policies
      4. Focus on business reasons
      5. Determine feasibility and Get buy in
    8. Mitigation Process
      1. As you work the plan continue to assess systems and situation
      2. Is the planned solution still the best solution?
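The outline above collects four things per finding (asset, vulnerability, threat, business justification), applies the owner's stated risk tolerance, and turns the result into a plan ordered infrastructure, then computers, then policies. The Python risk register below is an added example that is not part of Eli's class notes: it encodes that workflow so the findings from a walkthrough can be recorded, triaged and ordered consistently. The 3-point likelihood x impact scoring and the sample findings for a fictional 12-person office are assumptions for illustration; the class does not prescribe a scoring model.

```python
"""Minimal risk register for a small-business assessment (added example).

Records each finding the assessment collects (asset, vulnerability, threat,
business reason), scores it on an assumed likelihood x impact scale, applies
the client's stated risk tolerance, and orders the plan
infrastructure -> computers -> policies, as the class notes recommend.
"""
from dataclasses import dataclass

# Assumed 3-point scale; the class does not prescribe a scoring model.
LEVEL = {"low": 1, "medium": 2, "high": 3}

# Plan steps in the order the class notes recommend.
LAYER_ORDER = ("infrastructure", "computers", "policies")


@dataclass(frozen=True)
class Finding:
    asset: str             # what is at risk
    vulnerability: str     # weakness observed during the walkthrough
    threat: str            # natural / employee / outsider source
    likelihood: str        # low | medium | high
    impact: str            # low | medium | high (economic loss to the business)
    layer: str             # infrastructure | computers | policies
    mitigation: str        # proposed fix
    business_reason: str   # why the owner should pay for it

    def score(self) -> int:
        """Qualitative risk score: likelihood x impact, range 1..9."""
        return LEVEL[self.likelihood] * LEVEL[self.impact]


def triage(findings, risk_tolerance: int):
    """Split findings into those to mitigate and those the client accepts.

    risk_tolerance is the highest score the owner is willing to live with
    (from the 'What is your risk tolerance?' interview question).
    """
    treat = [f for f in findings if f.score() > risk_tolerance]
    accept = [f for f in findings if f.score() <= risk_tolerance]
    return treat, accept


def build_plan(findings, risk_tolerance: int):
    """Ordered plan: one step per layer (infrastructure, computers, policies),
    highest-scoring findings first within each step."""
    treat, _ = triage(findings, risk_tolerance)
    plan = {layer: [] for layer in LAYER_ORDER}
    for f in sorted(treat, key=lambda f: -f.score()):
        if f.layer not in plan:
            raise ValueError(f"unknown layer {f.layer!r}")
        plan[f.layer].append(f)
    return plan


# Constructed sample findings for a fictional 12-person office (assumption).
SAMPLE_FINDINGS = [
    Finding("file server", "no off-site backup", "disk failure / fire",
            "medium", "high", "infrastructure",
            "nightly backup to off-site storage",
            "a week of lost invoices costs more than the backup service"),
    Finding("network", "switches on the floor of a damp basement", "flooding",
            "medium", "high", "infrastructure",
            "move equipment into a rack above floor level",
            "a flooded switch takes the whole office offline"),
    Finding("workstations", "1 GB RAM, users wait minutes per task", "slow hardware",
            "high", "medium", "computers",
            "upgrade RAM on all workstations",
            "lost staff hours every week; cheaper than new PCs"),
    Finding("client records", "shared login, no leaver process", "former employee",
            "medium", "medium", "policies",
            "individual accounts and an off-boarding checklist",
            "legal duty to protect client data"),
    Finding("printer", "factory admin password never changed", "outsider",
            "low", "low", "computers",
            "set a printer admin password",
            "minor; accepted for now"),
]

if __name__ == "__main__":
    plan = build_plan(SAMPLE_FINDINGS, risk_tolerance=1)
    for layer in LAYER_ORDER:
        print(f"Step: {layer}")
        for f in plan[layer]:
            print(f"  [{f.score()}] {f.asset}: {f.mitigation} -- {f.business_reason}")
    _, accepted = triage(SAMPLE_FINDINGS, risk_tolerance=1)
    for f in accepted:
        print(f"Accepted risk [{f.score()}]: {f.asset}: {f.vulnerability}")
```

Running the module prints the three plan steps with each mitigation and its business reason, followed by the findings the owner has chosen to accept; raising `risk_tolerance` moves more findings into the accepted list, which is the business decision the class refers to in the introduction.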

Resources
