Eli the Computer Guy
Info
Level: Beginner
Presenter: Eli the Computer Guy
Date Created: October 13, 2010
Length of Class: 69 Minutes
Tracks
Computer Security / Integrity
Prerequisites
Introduction to Risk Assessment
Purpose of Class
This class teaches students how to conduct a Risk Assessment
Topics Covered
The Risk Assessment Process
What to Look for in a Risk Assessment
Class Notes
Introduction
Security is just good technology
Risk is a business decision
Assessment Process
Overview
Determine Vulnerabilities
Determine Threats
Determine Assets
Determine Business Justifications
Interview the Owner/ CEO
What’s your business?
What do you do?
How computer dependent are you?
How comfortable with technology are you?
How many employees?
How many employees with computers?
What problems are you currently having?
What are your concerns?
Do you have legal requirements for data?
How are your systems currently being used?
Do you own/ can you make changes to the building?
Do you have maintenance contracts with other IT companies?
Current Operational Security Procedures
Known Threats — Natural/ Employees/ Outsiders
What is your risk tolerance?
What’s your IT budget?
Observe Infrastructure
Quality of cabling?
Quality/ age of equipment
Physical Appearance of equipment?
Pointless equipment?
Physical Security
Talk with Employees
What problems are you having?
Is there something that can make your life better?
Documentation Analysis
Who/ What/ When/ Where/ Why?
Is the software accessible?
Systems Analysis
Sit down at the computers/ equipment and determine their current state
Not enough RAM can cause as much economic loss as a virus!
Create a Plan and Brief Client
Create a plan spelling out vulnerabilities, threats, assets
Plan should have as few options as possible
Plan should have steps — first infrastructure, then computers, then policies
Focus on business reasons
Determine feasibility and Get buy in
Mitigation Process
As you work the plan, continue to assess systems and situation
Is the planned solution still the best solution?
superb is the only word
Great video…puts things together in a sensible way… I hope I do well in my CRISC exam on Monday.
Thanks a million
Please update your ISO 27001 videos!! We all need you.
Also, do you teach? I need online training.
How can I contact you?
So I'm sitting here feeling rather decent about the fortification security and preventative measures I have implemented on my PC, not including intelligent or conscious all-around good practices I use day to day. So I recently moved and changed ISP… well, I'm pretty much positive they are kept in the dark about all of my activities on PC 1. Watching 10 minutes I sank back in my chair… I realized bypassing placing PC1 on a personal server and the firmware upgrades and configurations and simple changes in broadcast channels being forgotten over the last month sitting in comfort studying on a VirtualBox in a nearly dummy Windows 10 with an aftermarket firewall and few virus mitigation softwares in place like a premium antivirus that I'm comfortable where my logs end up is really just crawling. I guess it's good only a few weeks had passed but I've left my router neglected… besides monitoring activity with a way to kick ppl off (gotta love a rooted Android… sorta Linux-ish). Feeling rather vulnerable… should I continue with said forgone plans to 1. Set up old gaming PC as a server and route my WiFi through it
2. Upgrade Firmware
3. Grab more knowledge but continue my privatized server quest in another light ?
Thanks and My regards
Great presentation! Thank you for putting this together.
Great way to explain it.
Question Eli,
Do clients usually feel more comfortable if interviews are performed using paper questionnaires or laptops?
Regards.
GREAT! I was just watching your video this morning about Risk Aversion and a third of the way through it was like yeah you might slip and fall but how you came through is what is important. Your building might be in a neighborhood infested with crackheads but how does one go about mitigating the damage and potential loss of property caused by the presence thereof?
Nice information
Thanks man, this is powerful information
This is a great guy and very kind of him to deliver this information. believe me know with over 25 years working in all levels of IT all the way to the bit level. Great presentation and very accurate. Eli, you're perfect in business and technology, you should be hired in a second. Great job and very on point!!!!! I'm applying for a security position at the top law firm in New York City and found this presentation to be so refreshing and reassuring. God bless for keeping it real and keeping it open … 🙂 Very helpful for real professionals
Excellent introduction to Risk Assessment. Thank you Eli for the time and effort you had put in to share your knowledge
For those interested in risk management standardization, you might want to join the official discussion group on the content of the ISO 31000 Risk Management Standard.
We have reached 40,000+ members and are growing by 100 members every week.
Here is the link to join:
http://www.linkedin.com/groups?mostPopular=&gid=1834592
Our LinkedIn group proposes quality discussions related to the ISO 31000 standard without waste of time and energy. The group is moderated by a team of 10 volunteers for your convenience.
Best regards,
Alex
Alex Dali, MBA, ARM
Moderator of the ISO 31000 Risk Management Standard group
President of G31000, non-profit organisation, raising awareness on ISO 31000
Sharing the LinkedIn group : http://www.linkedin.com/groups?mostPopular=&gid=1834592
Fantastic video on risk assessment and mitigation. Although it was a little bit long, Eli gave a great talk! I was able to learn so many things. If you’re new (or even if you’re experienced) in risk mitigation, you’ll surely benefit from this video. It’s a must-watch!
11:20 was the best advice of them all, don't make yourself a target. Pissing off employees, Anonymous, etc. or bragging about being unhackable are usually great ways to get yourself owned.
you are fantastic! really great, so pleased I found you
Is it just me or is there no sound on this clip? He is a good presenter of the material and I wanted to watch this video for a class.
Thank you, Sir !
Thanks!
Perfect explanation