Risk assessment and risk treatment made easy! for ISO 27001 implementation in Hindi

  • Published 21 Dec 2024

COMMENTS

  • @cheers4easy 2 years ago +2

    I will make you understand it... loved it... great job Luv. Superbly informative.

  • @Theanonymousyou 1 year ago +1

    Thanks for the efforts you made for all of us... Thanks a ton again, Luv Bhai.

  • @me2507b4u 1 year ago +1

    By far the best video on risk assessment. I am so glad that I landed on your channel. Super informative video! Exactly what I was looking for. I don't think I need to watch any more videos on risk now. This was so crisp and simple to understand. Thank you so much for this video. I'm hooked on your channel now. My gratitude! Keep doing the superb work.

  • @ratnesh12100 2 years ago +1

    One of the most amazing and most informative videos on YouTube for RART... Thanks Boss, keep making videos, thanks once again.

  • @wasifansari8225 2 months ago +1

    Very well explained.

  • @ankitaSingh-jc7eg 6 months ago +1

    Thank you so much sir 🎉

  • @dhavalchothani7148 2 years ago +1

    Liked the way you explained 👍

  • @hashamkhan8477 1 year ago +1

    Hello Luv, amazing video. Your explanation and examples made my day. Thank you, Sir. God keep you and your family safe, and may you keep helping people like me. Love from Canada.

  • @indiayoutuber2628 1 year ago +1

    Sir, please, I'm a beginner in ISO 27001. Please make a session about the exam, and about NCRs and investigation reports, and on writing exam papers.

  • @niteshtomer898 2 years ago +1

    Thank you so much sir for this video 🙏

  • @kbsfragrance3340 2 years ago +1

    Very well explained, sir.

  • @kashishhinduja4515 2 years ago +1

    Best video

  • @deepanshidishi8041 1 year ago +1

    Thank you so much sir for giving so much regarding risk management.
    Sir, could you share the bigger vulnerability table for a better understanding of risk levels and impact?

    • @LearnITSecuritywithLuvJohar 1 year ago +1

      SQL Injection:
        Description: Attacker inputs malicious SQL code into a login form.
        Risk Level: High
        Potential Impact: Gain unauthorized access to the database, extract sensitive information.

      Cross-Site Scripting (XSS):
        Description: Malicious script injected into a web page via user input.
        Risk Level: High
        Potential Impact: Steal user session cookies, deface websites, execute unauthorized actions.

      Unpatched Software:
        Description: Failure to update a web server with the latest security patches.
        Risk Level: Medium
        Potential Impact: Vulnerable to known exploits, leading to unauthorized access or service disruption.

    • @deepanshidishi8041 1 year ago

      @LearnITSecuritywithLuvJohar Thank you so much sir for the quick response 🙏

  • @varshapatwa5559 1 year ago +1

    ITGC domains (logical access, change management, backup) in Hindi please.

  • @sunildhamane6454 9 months ago +1

    Thank you!! This is a great video to simplify overall risk management. How can I get a copy of the document referred to during this video?

  • @Ad000121 2 years ago +2

    Do you have an English version?

  • @successmantra8615 2 years ago +1

    Amazing video on RARTP, great job Luv, keep it up. Please share more examples of RA related to the manufacturing functional department. 🙏🙏

  • @satishr7288 2 years ago +2

    Dear Sir, please make a vendor risk management video.

  • @TpPavithra-mh4pi 1 year ago +1

    Can you please make the same tutorial in English?

  • @rf1193 7 months ago +1

    Hi, if you are asked about the risk treatment plan as an interview question, what is the answer?

    • @LearnITSecuritywithLuvJohar 7 months ago

      A risk treatment plan is a structured approach to managing risks within an organization or project. It outlines the actions, strategies, and measures that will be implemented to mitigate, avoid, transfer, or accept risks identified during the risk assessment process.
      Here are the key components typically included in a risk treatment plan:

      - Risk Identification: Clearly identifying and documenting all potential risks that could impact the project or organization. This includes assessing both internal and external factors that may pose a threat.
      - Risk Analysis: Evaluating each identified risk in terms of its probability of occurrence, potential impact, and severity. This step helps prioritize risks based on their significance.
      - Risk Response Strategies: Developing specific strategies for how each identified risk will be addressed. Common strategies include risk avoidance (eliminating the risk entirely), risk mitigation (reducing the likelihood or impact of the risk), risk transfer (shifting the risk to another party, such as through insurance), and risk acceptance (acknowledging the risk without taking active measures).
      - Responsibilities and Accountabilities: Assigning roles and responsibilities to individuals or teams responsible for implementing risk treatment measures. This ensures clear accountability for managing risks effectively.
      - Timeline and Resources: Setting timelines for implementing risk treatment measures and allocating necessary resources, such as budget, manpower, and technology, to support risk management efforts.
      - Monitoring and Review: Establishing a process for ongoing monitoring and review of the risk treatment plan. This includes regular assessments to track the effectiveness of implemented measures, identify new risks, and make adjustments to the plan as needed.

      By developing a comprehensive risk treatment plan, organizations can proactively address potential threats, minimize negative impacts, and enhance overall resilience and success.

  • @syedtajwerali7895 1 year ago +1

    Brother, please make an app, the 25-table one too.

  • @satishr7288 1 year ago

    ITGC 2nd video link

  • @himanshugupta8135 2 years ago +1

    Thanks Luv sir.

  • @automatedesigner8695 2 years ago +1

    I need to pass ISO 27001 for our organization. What steps need to be followed?

    • @LearnITSecuritywithLuvJohar 1 year ago

      Achieving ISO 27001 certification for your organization involves a structured process that demonstrates your commitment to information security and your ability to manage and protect sensitive data effectively. Here are the general steps to follow:

      - Management Commitment: Obtain commitment and support from top management to implement ISO 27001. Management's involvement is crucial to the success of the certification process.
      - Gap Analysis: Conduct an initial gap analysis to assess your organization's current state of information security. Identify areas where you need to improve to meet ISO 27001 requirements.
      - Define Scope: Clearly define the scope of your ISMS (Information Security Management System). This defines what information assets are included and what aspects of the organization's activities are covered by ISO 27001.
      - Risk Assessment: Perform a comprehensive risk assessment to identify and evaluate information security risks. This includes understanding potential threats, vulnerabilities, and impact.
      - Risk Treatment: Develop a risk treatment plan to mitigate identified risks through the implementation of appropriate controls. This may include policies, procedures, and technical measures.
      - Documentation: Create and maintain documentation, including an Information Security Policy, risk assessment reports, and operational procedures. These documents should align with ISO 27001 requirements.
      - ISMS Implementation: Implement the controls and measures identified in your risk treatment plan. Ensure that security processes and procedures are followed by employees.
      - Training and Awareness: Provide training and awareness programs for employees to ensure they understand their roles in information security and compliance with ISO 27001.
      - Internal Audits: Conduct regular internal audits to assess the effectiveness of your ISMS and to identify any non-conformities or areas for improvement.
      - Management Review: Hold periodic management reviews to evaluate the performance of your ISMS, identify areas for improvement, and ensure alignment with your organizational objectives.
      - Certification Audit: Engage with a certified ISO 27001 audit and certification body. They will perform a certification audit to evaluate your ISMS's compliance with ISO 27001.
      - Corrective Actions: Address any non-conformities identified during the certification audit and take corrective actions to resolve them.
      - Certification: Once your ISMS meets the requirements of ISO 27001, you will be issued a certificate, signifying that your organization is ISO 27001 certified.
      - Surveillance Audits: After certification, regular surveillance audits are conducted to ensure ongoing compliance with ISO 27001.
      - Continuous Improvement: Continuously improve your ISMS and information security practices based on feedback, audits, and changes in your organization's risk landscape.

      Remember that ISO 27001 is an ongoing process, and maintaining certification requires continual improvement and vigilance. Regularly update your documentation and processes to address changing threats and security requirements. It's also important to engage employees at all levels to ensure they understand and support information security practices.

  • @ratnesh12100 2 years ago +1

    Q: Who will decide the score for likelihood and impact? Is there any guideline for determining these numerical values? Or management / higher authorities... who?

    • @pikishah1570 2 years ago +1

      The score will be decided by the one who is performing the risk assessment, or it can be a mutual decision.

    • @LearnITSecuritywithLuvJohar 1 year ago +1

      thanks, please keep watching and share if you like this video :)

  • @arpanchakraborty1942 2 years ago

    As mentioned in the table of risk acceptance criteria, from 6 to 12 is taken as moderate risk and above 12 is unacceptable risk. But sir, one confusion: in the cell (Unlikely-2, Severe-5) the multiplication comes out to 10. So how has it become red and been considered unacceptable? It should be considered yellow (moderate risk), right?
    Thank you.

  • @jagdishsingh-lt7mm 1 year ago +1

    How can I reach you?

  • @olatunjiaka2779 1 year ago +1

    Please always present in English.

  • @hanipathan9589 1 year ago +1

    Please provide it in English; we are unable to understand.

  • @SM-xj3hr 6 months ago

    First of all, thank you so much for your content and your effort.
    I have some doubts.
    For example:
    - We have only one external firewall, and that firewall also has some critical-level vulnerabilities. How do I determine which number to assign?
    - The data center is running on a single power backup.
    - The infrastructure is not implemented with the organization's password policy (non-compliance).
    In that situation:
    1st, I have to set the "Risk level" with Vulnerability (do we need a VAPT report here?), Impact, Likelihood, and Risk Level based on the asset criticality.
    Here my question is: during the evaluation, if I find more dependencies, like the backend server, network, and applications, how can I set the asset priority and risk level with dependencies? Should I mention all dependencies? If yes, then which should come first and which second; how do I decide that? Is it based again on the risk level or on the criticality level of the system or service?
    2nd, as you describe, I have to evaluate the Acceptable, Moderate and Unacceptable risks by some number (Impact x Likelihood = Risk).
    Here my question is: how can I identify which risk number represents which asset and which risk? (For example, as mentioned, "Severe - 5" and "Very Likely - 5" with the risk number 25.)
    I am confused about the 'Risk Evaluation'.
    🙏 Kindly help me to clear the doubt.
    Again, thank you so much 🙏
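As an added illustration (not the video's spreadsheet or the channel's code), the scoring questions raised in this thread: Risk = Impact x Likelihood on the 5x5 (25-cell) matrix, the acceptance bands quoted above (6 to 12 moderate, above 12 unacceptable), a treatment rule per band in the spirit of the risk treatment plan reply, and one consistent ordering rule for the "which dependency comes first" question. The "below 6 is acceptable" band, the treatment wording and the sample rows are assumptions.

```python
# Acceptance bands quoted in the thread: 6..12 moderate, above 12 unacceptable.
# "Below 6 is acceptable" is an assumption made here, not stated in the video.
MODERATE_FROM, UNACCEPTABLE_ABOVE = 6, 12

# Hypothetical treatment rule per band (an assumption, not the video's table).
TREATMENT = {
    "Unacceptable": "treat now: mitigate, avoid or transfer before any acceptance",
    "Moderate": "treat, or accept with documented risk-owner approval",
    "Acceptable": "accept and re-check at the next review",
}

def risk_score(impact: int, likelihood: int) -> int:
    # Risk = Impact x Likelihood on two 1..5 scales (the 5x5, 25-cell matrix).
    for name, value in (("impact", impact), ("likelihood", likelihood)):
        if not 1 <= value <= 5:
            raise ValueError(f"{name} must be 1..5, got {value}")
    return impact * likelihood

def risk_band(score: int) -> str:
    # Map a score to its acceptance band; Unlikely-2 x Severe-5 = 10 lands in Moderate.
    if score > UNACCEPTABLE_ABOVE:
        return "Unacceptable"
    return "Moderate" if score >= MODERATE_FROM else "Acceptable"

def assess(asset: str, vulnerability: str, impact: int, likelihood: int, criticality: int) -> dict:
    # One risk-register row: score, band and the treatment that band demands.
    # criticality (1..5) is the asset's own rating; it only breaks ties between equal scores.
    score = risk_score(impact, likelihood)
    band = risk_band(score)
    return {"asset": asset, "vulnerability": vulnerability, "score": score,
            "band": band, "treatment": TREATMENT[band], "criticality": criticality}

def build_register(rows: list) -> list:
    # Highest score first, then most critical asset first: one ordering rule for the
    # "which dependency comes first" question, applied consistently to every row.
    return sorted(rows, key=lambda r: (-r["score"], -r["criticality"]))

# Constructed sample rows modelled on the situations in the comment above.
SAMPLE = build_register([
    assess("External firewall (single)", "critical vulnerability, unpatched", 5, 4, 5),
    assess("Data centre power", "single backup source", 5, 2, 5),
    assess("Infrastructure accounts", "password policy not enforced", 3, 3, 3),
])

if __name__ == "__main__":
    for row in SAMPLE:
        print(f'{row["score"]:>2} {row["band"]:<12} {row["asset"]}: {row["treatment"]}')
```

Each dependency (backend server, network, application) gets its own row scored the same way, so the register order, not a guess, decides what is treated first.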