2020 -Assets Based Risk Assessment under ISO 27001:2013
Вставка
- Опубліковано 1 жов 2024
- If you are exploring the videos for risk assessment subject in ISMS, you have reached here correctly. You will learn in details how to assess the risks for ISMS ISO/IEC 27001:2013.
Risk Management is a crucial part of the big subject of implementation of the standard, ISO 27001:2013.
I am Sanjay Gore Pune India
My email id is sanjaygore99@gmail.com
Phone 919881099604
My LinkedIn Profile / sanjaygore
Sorry, I'm Italian but I don't understand much of what you say. You have a strong Indian accent. You should post subtitles.
sir, you should example like what are corrective controls, detective controls etc. just reading from the slides don't help much
11 new controls introduced in the ISO 27001 2022 revision:
A.5.7 Threat intelligence
A.5.23 Information security for use of cloud services
A.5.30 ICT readiness for business continuity
A.7.4 Physical security monitoring
A.8.9 Configuration management
A.8.10 Information deletion
A.8.11 Data masking
A.8.12 Data leakage prevention
A.8.16 Monitoring activities
A.8.23 Web filtering
A.8.28 Secure coding
What you say is a revision in ISO 27002:2013 replaced with 27002:22.
Secondly, it is not an addition but a replacement.
And the revised ISO 27001:2022 is yet to come.
@@SanjayGore What's the latest version of ISO 27001?
ISO 27002
A comprehensive update of ISO 27001 is expected to be released in October 2022. Once updated, the latest version of ISO 27001 will align with changes made to ISO 27002 and published in February 2022.
Thank you so much for these wonderful sessions, sir. Kindly do post more on GRC based sessions. Keep posting some real time practical kind of stuffs if possible. Eagerly waiting for upcoming videos.
Thank you so much for those kibd words. Sure, I will post as suggested by you. Keep engaging. Thanks again.
Thank you very much for knowledge sharing. This is talking about perfect timing for me.
Thanks
I am happy my efforts are useful for your help, may be a very samll.
Thank again for communicating it to me.
Content covered is quite useful for both beginners and experts in the Industry, great delivery. The background music is a little disturbing.
Thank you, Prerit
Really good one, and useful even basics will get clear , particularly for professionals who are running mfg companies and infrastructure companies .
Thanks for those good words.
Thank you so much Sir. I really learned a lot about RA on Assets today. I have subscribed your channel and planning to spend lots of time and watch all your videos on BC stuff. Love from Canada
Thank you very much for those good words.
Also thanks for subscribing.
👍👍👍
I saw many videos sir, but u explained it very clearly.... Thank you so much
Thanks. You are welcome.
Nicely explained.. thank you sir
Thanks for those good words. It inspires me to do more.
This was very insightful. Really appreciate the efforts taken to explain this concept.
Glad it was helpful!
risk level didvided in 4 equal parts, if impact is medium and likelihood is medium then with this table final risk come in low number. same if high impact and high likelihood then risk result come in medium block. how you can explain this
Thanks for sharing. The content was really good and well-presented.
Thanks Solomon for these kind words.
Thanks you soo much sir for sharing knowledge
Thanks. You are welcome.
Please subscribe and share the video.
Critical concepts made simpler
Thanks, Suryakant. Many of these are learned with you when we were preparing for CISA long back in 2004
good content sir. I have watched it several times.
Thank you very much
Very Informative and Valuable Sir
Thank you for sharing Valuable Knowledge 🙏
Thank you very much. I am happy that my little effort helped you understand certain concepts.
Background noise is very disturbing...
Thanks,. Will take care in next video.
Thanks, Sridhar for your suggestion. I tried to edit the file online to remove the music altogether, but it affected the file itself. I am not a professional video editor, hence could not exactly cut the noise. My trial and error effected in very disturbing scenarios, and since it is in the beginning it may affect the moment of truth. So, ultimately I had to revert back to the original.
Your suggestions are valid and big thanks for that. In my next uploading, I will take care of that.
Your suggestion gave an opportunity to learn how to edit the already uploaded video to youtube.
Risk matrices don't work, this is a well established fact. What's the point of promoting it if you don't understand it?
Thanks for your comments. Your thinking is respected and welcome.
Thank you sanjay, your video is more understandable, when ever I used to get doubt I will watch your videos.
Thanks you very much. I am happy that my little efforts are helpful for you to understand.
Good intro and very useful
Thank you, Danish. Some of the concepts presented are learned through you; while I was in Saudi.
Sir pl avoid background music
Thanks for your suggestions. Your suggestion is welcome. I have noted your comments and try to edit them.
Great thanks for this wonderful practical session of RA.
Thank you for those good words.
Hello Sanjay, thanks for this great resource. Please I have a question. My question is;
in the table below, I have various threat values for assetname "Laptop" and again had various threat values for assetname "Database server". In this situation, which of the threat values should I take as the actual threat value for a specific (single) asset?
Assetname Threats Frequency Impact Value Threat Threat Value
Laptop Virus & malware 4 4 16 4
Data & information theft 4 4 16 4
vandalism 3 3 9 3
unauthorized access 1 2 2 1
Ransomware 2 2 4 1
Date deletion 1 3 3 1
Database server Sql injection 3 4 12 3
Virus & malware 4 4 16 4
Data & information theft 4 4 16 4
vandalism 3 3 9 3
unauthorized access 1 2 2 1
Ransomware 2 2 4 1
Date deletion 1 3 3 1
Simple and effective presentation of the concept. Thank you for sharing.
You are welcome
Nicely explained sir. Thankyou so much for such a clear and nice contents. Sir could you please also make a video on CIA rating criteria, I mean how to decide 1~4 rating for Credibility, Integrity and availability?
Yes. Thanks for suggestion.I will do it.
It confidentiality and not credibility.
@@SanjayGore Thankyou Sir..!!
Hi everybody, i dont get the result of probability × impact value can become 4.
Can u further through some light, for me to explain more?
Hello Sanjay, thanks for the quick reply and your great Präsentation. I dont understand how the threat value is calculated. In your präsentation it says threat value is probabilty * impact value. This Value is larger than 1 -4 how do you get your Threat Value exactly. Is ist just estamation.
Excellent work, Sir; I appreciate your efforts
👍 Thanks
Sir, request if you could also make a video based on Context. Normally, it is called as Context Based Risk Assessment. Thanks
Sure. Your suggestion is well taken. Thanks for that.
@@SanjayGore looking forward to a fantastic video
How to compute vulnerability?
Thanks for your query. The vulnerability is other side of effectiveness of control. More the effectiveness of control lesser the vulnerability and vice versa.
You have made it look very simple.
Thank you.
Thank you Sir
is it okay to use -> Asset + Threat + Vulnerability = Risk
Yes. The organization can use eighter + or x as per convenience. But popular is X
Very nice and learning this session. Thanks you Sir.
Thank you very much Sir for those kind words. It is my pleasure.
Highly appreciate the simplification
Thanks
who will decide asset value is it data owner / asset owner or auditor/implementer ?
Thanks for the query. The assets value is decided by the risk owner and assets owner. In the risk assessment, the asset-owner is the occupier of the assets (information). As we have seen that the organization should define the risk owner while developing the assets register. So the asset- value is decided by the asset owner.
Thanks for your query.
@@SanjayGore Thanks
Very well done 👍
Thanks, Manohar.
Great work sir
Thanks, Jayesh.
Interesting Video..!!
Thanks Sanat.
Good to listen new. Topic voice quality requires improvement also विडिओ wiil be more effective if points are written on blackboard and explain slowly by taking a sample case say of any startup hypothetically
Chhan
Thanks, Madhav
Where is the impact section goes ?
Thanks for your response. Likelihood multiplied by Impact becomes Threat Value. Impact is the assessment of severity of the threat. Hope this suffices your query. Thanks again for asking the question.
@@SanjayGore it's clear so we calculate the risk score as threat*vul* asset value, please correct me if I am wrong
@@usmanshahzad3158 Your statement is correct, Sir.
Simple and to the Point, very well explained.
Thank you these good words.