Hello Luv. thank you for your video explaining Cyber Security risk assessment. You gave me the understanding. This is my first time of watching your video and i subscribed right away. I would like to get more of the Case studies and the practical scenarios. Thank you so much for the great work done.
join my course to know more, anyone can join this course, this is one course which is no where available in the market as of now because in this course you will be doing ISO 27001 implementation end to end from your hands only and it will be realtime practical experience that you will get. Along with that I will also be sharing the common interview questions asked and also checking your resume if it's proper or not. Only 2 seats left now, so if you want to join please do it today only, here is the link for costs etc - learn.protecte.io/courses/ISO-27001-Lead-Implementor--66d994afded8b66a598b5ad2-66d994afded8b66a598b5ad2
Honestly . I have to say this was one of the best videos. Kinda watched a lot of videos on Cyber Security. But yours was the best way a person could teach. 😊 kudos to the presentation. Subscribed. ❤ scenarios were the best. I think you need to rename this video as an introduction to cyber security. ❤❤
Thanks Luv. I am confused. For the risk assessment do we need to mention how we need to manage the risk as well. Can you please clarify when and where risk management start in all these?
Yes, in a comprehensive risk assessment, it's not only important to identify potential risks but also to outline strategies for managing or mitigating those risks. Risk management typically begins in the planning stages of a project, process, or activity and continues throughout its execution and even beyond its completion. Here's a breakdown of when and where risk management starts in the process: Planning Stage: This is where the initial risk identification and assessment occur. During this phase, the project or activity team identifies potential risks based on past experiences, expert judgment, historical data, and other relevant sources. At this point, it's crucial to not only identify risks but also consider how they might be managed or mitigated. Risk Assessment: Once risks are identified, they are assessed for their likelihood and potential impact. This assessment helps prioritize risks based on their severity and likelihood of occurrence. During this stage, it's essential to consider potential risk management strategies and actions that can be taken to reduce the impact or likelihood of occurrence of each identified risk. Risk Management Planning: After identifying and assessing risks, a formal risk management plan is developed. This plan outlines the strategies, processes, and resources that will be utilized to manage or mitigate identified risks throughout the project or activity lifecycle. It also assigns responsibilities to team members for implementing risk management actions. Execution and Monitoring: Risk management is an ongoing process that continues throughout the execution of the project or activity. During this phase, the risk management plan is put into action, and progress is monitored regularly to ensure that risk management strategies are effective and that new risks are identified and addressed promptly. Response Planning: As new risks emerge or existing risks evolve, it may be necessary to adjust risk management strategies or develop new response plans. This iterative process ensures that the project or activity remains on track and that potential disruptions are minimized. Closure and Evaluation: After the project or activity is completed, a final evaluation of the risk management process is conducted. This includes assessing the effectiveness of risk management strategies, documenting lessons learned, and identifying areas for improvement in future projects or activities.
Hi Lov, could u pls clarify how to calculate the Impact, as we know Risk= Likihood × Impact and likelihood vam be decided from logs, I mean probability of occurance. Threats value is also important facor based on CIA to calculate the Risk score. Could you please elaborate..
Certainly! When assessing risk in the context of information security or risk management, the formula you provided is commonly used: Risk = Likelihood × Impact Here's a breakdown of the components: Likelihood: Likelihood refers to the probability or frequency of a particular threat or event occurring. This is often assessed based on historical data, expert judgment, or other relevant information. Likelihood can be expressed as a percentage or a qualitative measure (e.g., low, medium, high). Impact: Impact represents the consequence or severity of the event if it were to occur. This could include financial loss, damage to reputation, legal ramifications, etc. Similar to likelihood, impact can also be expressed quantitatively or qualitatively. Threats: In information security, threats are potential events or circumstances that can cause harm to an organization's assets (e.g., data, systems, infrastructure). Threats are often categorized based on the CIA triad, which stands for: Confidentiality: Ensuring that information is only accessible to those who are authorized to access it. Integrity: Maintaining the accuracy and reliability of data and systems. Availability: Ensuring that information and resources are available when needed. Assessing the threats involves identifying potential risks to these aspects of information security. When calculating the risk score, you would typically: Assess the likelihood of each identified threat occurring. Assess the potential impact of each threat if it were to materialize. Multiply the likelihood and impact scores together to get the risk score for each threat. For example, if you have a threat with a likelihood rating of "medium" (50%) and an impact rating of "high" (on a scale of 1 to 5, let's say it's a 4), then the risk score for that threat would be: Risk = Likelihood × Impact = 0.5 (medium) × 4 (high) = 2 The risk score helps prioritize risks for mitigation or management. Threats with higher risk scores typically require more attention and resources to address. It's important to note that risk assessment is not a one-time activity; it should be regularly reviewed and updated to reflect changes in the threat landscape, technology, business processes, and other factors.
Thanks for clarification... One more thing I would like to know Risk = CVT i.e Consequences × vulnerability × threat So what is different from above.. I understand Consequences means Impact or severity, but what about two I.e threat and vulnerabilities.. Which one should I refer?
