



Practical Risk Assessment and Mitigation

Info

  • Level: Beginner
  • Presenter: Eli the Computer Guy
  • Date Created: October 13, 2010
  • Length of Class: 69 Minutes

Tracks

Prerequisites

Purpose of Class

  • This class teaches students how to conduct a Risk Assessment

Topics Covered

  • The Risk Assessment Process
  • What to Look for in a Risk Assessment

Class Notes

  1. Introduction
    1. Security is just good technology
    2. Risk is a business decision
  2. Assessment Process
    1. Overview
      1. Determine Vulnerabilities
      2. Determine Threats
      3. Determine Assets
      4. Determine Business Justifications
    2. Interview the Owner/ CEO
      1. What’s your business?
        1. What do you do?
        2. How computer dependent are you?
        3. How comfortable with technology are you?
        4. How many employees?
        5. How many employees with computers?
        6. What problems are you currently having?
        7. What are your concerns?
        8. Do you have legal requirements for data?
        9. How are your systems currently being used?
        10. Do you own/ can you make changes to the building?
        11. Do you have maintenance contracts with other IT companies?
        12. Current Operational Security Procedures
        13. Known Threats – Natural/ Employees/ Outsiders
        14. What is your risk tolerance?
        15. What’s your IT budget?
    3. Observe infrastructure
      1. Quality of cabling?
      2. Quality/ age of equipment
      3. Physical Appearance of equipment?
      4. Pointless equipment?
      5. Physical Security
    4. Talk with Employees
      1. What problems are you having?
      2. Is there something that can make your life better?
    5. Documentation Analysis
      1. Who/ What/ When/ Where/ Why?
      2. Is the software accessible?
    6. Systems Analysis
      1. Sit down at the computers/ equipment and determine their current state
      2. Not enough RAM can cause as much economic loss as a virus!
    7. Create a Plan and Brief Client
      1. Create a plan spelling out vulnerabilities, threats, assets
      2. Plan should have as few options as possible
      3. Plan should have steps – first infrastructure, then computers, then policies
      4. Focus on business reasons
      5. Determine feasibility and get buy-in
    8. Mitigation Process
      1. As you work the plan, continue to assess the systems and the situation
      2. Is the planned solution still the best solution?

Resources



Eli the Computer Guy (429 Posts)

Eli the Computer Guy has 16 years of experience in technology being the guy to fix "it". From the Army, to building out new satellite offices for the enterprise, to running his own shop with 9 full-time employees, Eli has real-world experience with almost all systems that technicians will be working with. Eli has 1600 hours of formal technical training beyond his Bachelor's Degree in Criminal Justice on technologies ranging from Avaya PBX/ Audix to Microsoft, Red Hat Linux, MySQL, Cisco and much more.

