Master Practical Risk Assessment Techniques Part 2: Step-by-Step Guide 2024
Вставка
- Опубліковано 16 січ 2025
- Welcome to an insightful journey into the world of cybersecurity with Mr. Atul Rishav! In this must-watch video, Mr. Rishav, a seasoned expert in the field, delves deep into the practical aspects of conducting and managing risk assessment
What's Inside:
Linkedin Profile
/ atulrishav
Part 1
• Master Practical Risk ...
Understanding Risk:
Mr. Rishav begins by demystifying what risk really means in the context of information security. He breaks down complex concepts into easy-to-understand elements, making it accessible for everyone from beginners to seasoned professionals.
Risk Assessment Sheet Explained:
Step into the world of professional risk assessment as Mr. Rishav walks you through the process of filling out a risk assessment sheet. This segment is packed with practical tips and real-world examples, ensuring you grasp the nuances of effective risk documentation.
Client Communication: Learn the art of conveying findings to clients. This is crucial, as the way you communicate risks can significantly impact how they are perceived and addressed. Mr. Rishav shares his expert strategies for clear, concise, and impactful communication.
GRC Interview Prep:
If you're gearing up for a Governance, Risk, and Compliance (GRC) interview, this video is a goldmine. Understanding the risk assessment process is key, and Mr. Rishav provides insights that will give you an edge in your interview.
🎯 Who Should Watch:
Aspiring and current cybersecurity professionals
Individuals preparing for GRC interviews
Anyone interested in understanding the practical side of risk assessment in cybersecurity
📈 Takeaways:
By the end of this video, you'll have a solid understanding of risk assessment in the cybersecurity realm. You'll be equipped with the knowledge to effectively fill out risk assessment sheets and communicate your findings with confidence.
👉 Don't forget to like, share, and subscribe for more insightful content like this. Drop your questions or feedback in the comments below - we love hearing from you!
What is internal Audit
• How to Conduct Interna...
Internal Audit Interview Questions
• Mock Job Interview Int...
NIST Part 1
• NIST CSF 2.0 : Real-Wo...
NIST Part 2
• Mastering NIST CSF 2.0...
GRC Foundation
• GRC Practical Approach...
GRC Practical Series
• GRC Practical Approach...
Other Video
• Discover How to Succes...
Playlist of GRC
• GRC Practical Series
Playlist of CISSP
• CISSP Prep (Coffee Shots)
SOC Interview Questions
• SOC Analyst Introducti...
Playlist Network Security
• Network Security
GRC Interview Questions
• Mock Job Interview Int...
Internal Auditor Playlist
• Internal Audit
How to make career progression post #isc2 and #isaca
• How to Make a Career P...
How to make career in GRC
• Learn How to Make an A...
How to Build PIMS
• How to Implement Priva...
How to Implement 27001 in an organization
• Implementing ISO 27001...
How to conduct PIA
• How to Conduct Privacy...
How to Make an career in GRC
• Learn How to Make an A...
Telegram Group
t.me/Prabhstudy
Start your career in cybersecurity with free resources
Cybersecurity Career: How to Make a Career in Cybersecurity 2022 lnkd.in/gCGBnRM7
Pentesting Career
lnkd.in/gQYenKYd
Telegram Group Link
t.me/Prabhstudy
Cybersecurity Guide
• Cybersecurity Guide
Follow me on Instagram
www.instagram.....
#risk #riskassessment #grc #infosec #cybersecurity #isaca #isc2 #grc #itaudit #informationsecurity #thirdpartyriskassessment
This video is really helpful. Thank you for sharing your insights in such a detailed manner!
Great insight! thank you Atul & Prabh.
Excellent presentation by the panel.
Good video, Prabh ! if anyone can answer the below questions, it would be wonderful.
• How do we get Risk ID? is there any tool to generate Risk ID’s? If the organisation's environment is in Cloud?
• How do we track the devices because almost everything is virtual: Eg EC2 or S3 box etc ?
• You mentioned as only management and the IT Team should be informed about the changes on a Network device, but shouldn’t that be part of change management as it goes through approval process to make necessary changes?
• Post implementing the changes the Likelihood and impact is lowered ? How did you conclude it as lowered ? Would you consider doing another assessment to confirm it as Low ?
• From a Technical standpoint would you work with technical teams or SOC teams to identify the vulnerabilities? or would you run vulnerability assessment? Which team identifies the vulnerabilities ?
• Any chance to share the excel template?
• I think it would also be good to create another video on the Guidance Tab and how do we compile the parameters as standards.
Great introduction to risk assessment. I rarely got the opportunity to listen to such a practical introduction. Thanks so much for that. I would although expected you to introduce in your example sheet the notion of risk appetite so that you know your residual risk level is within or still outside your appetite after the treatment.
Very Informative, Thank you Prabh and Atul
Informative and great Insight,Thank you!
A very informative session. Loved the duo
Thank you!
very informative
Thank you prabh and Atul for sharing such insight.
Very informative. Thanks
Good presentation. I enjoyed the explanation. Well done:-)
So thankful for this content!
Watching this now and its so useful, Thank you Atul & Prabh 👏
Thanks a lot!
Hi prabh, how to identify risk in the organization do we have any tools for that.
Hi sir do you have live class
how to get the excel template?
please share link to download risk register template
Thanks for the detailed information on risk management, and it has given me some more areas to consider in risk assessment. However, I think we also have to have risk scoring, or risk rating, such as if an organization has 40+ risks (hypothetically 😊), then we can choose the top ten risks based on the score or we can sort the risk on scale. calculation can be based on likelihood*overall impact, and that can define the overall risk Impact.
Thank you, Prabh & Atul for this wonderful session, one point would like to clarify here about impact after RTP, impact remains same right, how it would become less impact.
I am looking the template.
i would like practical approach...thank you
The template please?
Thanks Atul & Prabh for the informative session! A question- The example you showed for version TLS1.0(I mean using obsolete/vulnerable versions) in network devices. Such kinds of checks would be covered under Vulnerability management as well so shall we consider under Risk register? If yes, which of them shall we consider, shall we filter out with impact and critical vulnerabilities.
I hope I made my question clear!
Thanks for watching. This is merely an example of how a known risk should be registered and monitored. For instance, a small company wouldn't even have a vuln mgnt program. In that case an umbrella for "network security" will be created under which known vulns such as TLS would be recorded and tracked periodically. What and how a risk should be registered and monitored is solely dependent on the business and their priorities. Hope that makes sense. Feel free to respond with further queries if needed. Cheers!!
This is very informative, thank you for taking the time to share.
Regarding the Risk treatment plan, what tools can one use to conduct Network device assessments in case this is asked in an interview?
There are plethora of open source and paid network scanning tools such as Qualys, Tenable, Nmap, and such. Depending on the business risk appetite and budget, one can choose either open source or a paid tool. Do remember that budgeting also includes people's time as well. It can be performed inhouse or outsourced if not capable.
You are awesome! Thank you so much.
Vendor management we want to hear next
Noted.
Great insights by Atul , but the examples can be informed and clarification need to get better. It's not very clear. Otherwise it's a great learning session. Thanks 😊
Hi Atul & Prabh,
I am looking to pursue my career into risk management and more of GRC role, also holding ISO 31000 risk management certification and ISO 27001 Lead Auditor ISMS. Are there any workshop conducted where i can nominate myself to be part of any assignment or project you run to get hands on. Please let me know. I have 13 yrs of experience in IT Service Management but would want to switch to risk management now as part of career progression
IT risk analyst
hmmm ... still not happy ... expected much more from the Title ....
Atul you are giving too phaltu type of example to explain the concept.