2019-038-Deveeshree_Nayak-risk_analysis, and OWASP WIA
Length:
77 minutes
Released:
Oct 30, 2019
Format:
Podcast episode
Description
OWASP WIA - https://www.youtube.com/watch?v=umnt0qbOPsE
https://www.owasp.org/index.php/Women_In_AppSec
OWASP Women in AppSec Twitter: 2013_Nayak (reach out and ask to be added)
https://www.tagnw.org/events/

Risk in Infosec
- Risk: a situation that involves serious danger and a large, unrecoverable loss
- What about risks that are positive in nature? PMP calls them "opportunities"
- Risk analysis: a systematic examination of the components and characteristics of a risk

Analysis Steps
- Understanding and Assessment
  - Understand that there is a risk
  - What if a company does not have security standards?
- Identification
  - Identify and categorize risks: informational risk, network risk, hardware risk, software risk, environment risk?
  - https://en.wikipedia.org/wiki/Routine_activity_theory
  - Scope of the risk analysis?
  - Threat modeling to find risks? https://www.leviathansecurity.com/blog/the-calculus-of-threat-modeling
  - Will a SWOT (strengths/weaknesses/opportunities/threats) analysis discover risks?
  - Risk analysis methodologies?
    - https://www.project-risk-manager.com/blog/qualitative-risk-techniques/
    - https://securityscorecard.com/blog/it-security-risk-assessment-methodology
    - https://en.wikipedia.org/wiki/Probabilistic_risk_assessment
    - https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration
- Estimation
  - Chance that the risk will occur (once a decade, once a week)
  - Design controls to remediate
- Implementation
  - Risk assessment uses a combined approach
  - You mentioned a lot of people; what's the scope?
  - How do you do the risk assessment? Framework?
- Evaluation
  - Evaluation approach, like an agile approach
  - Provides an informed conclusion
  - Report must be clear (no jargon)
- Decision Making
  - Examples to reduce risk
    - Training and education: what kind of testing? Annual security training?
    - Publishing policies
    - Agreement with the organization; BAA with 3rd parties
    - Timely testing -
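The Estimation and Evaluation steps above (a frequency guess such as "once a decade" or "once a week", a control designed to remediate, and an informed conclusion for the report) can be carried through numerically. The following is an added worked example, not code from the episode or its guest. It assumes the standard annualized loss expectancy model (expected annual loss = annual rate of occurrence x loss per event), which the show notes do not name; the risk register, the control figures and the low/medium/high thresholds are constructed for illustration.

```python
"""Quantitative risk estimation for a small risk register (added example).

Assumes the annualized loss expectancy (ALE) model. All risks, controls and
thresholds below are constructed sample data, not figures from the episode.
"""
from dataclasses import dataclass

# Frequency estimates of the kind the notes mention, as occurrences per year.
FREQUENCY_PER_YEAR = {
    "once a decade": 0.1,
    "once a year": 1.0,
    "once a month": 12.0,
    "once a week": 52.0,
}

# Categories from the Identification step.
CATEGORIES = {"informational", "network", "hardware", "software", "environment"}

# Hypothetical bands for the plain-language report (assumption).
BAND_THRESHOLDS = (("low", 10_000.0), ("medium", 100_000.0))


@dataclass(frozen=True)
class Risk:
    name: str
    category: str
    frequency: str          # key of FREQUENCY_PER_YEAR
    loss_per_event: float   # single loss expectancy, currency units


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    rate_reduction: float   # fraction of occurrences prevented (0..1)
    loss_reduction: float   # fraction of per-event loss avoided (0..1)


def annual_rate(frequency: str) -> float:
    """Translate a frequency estimate into expected occurrences per year."""
    if frequency not in FREQUENCY_PER_YEAR:
        raise ValueError(f"unknown frequency estimate: {frequency!r}")
    return FREQUENCY_PER_YEAR[frequency]


def expected_annual_loss(risk: Risk) -> float:
    """ALE before any control: rate per year x loss per event."""
    if risk.category not in CATEGORIES:
        raise ValueError(f"unknown risk category: {risk.category!r}")
    return round(annual_rate(risk.frequency) * risk.loss_per_event, 2)


def residual_annual_loss(risk: Risk, control: Control) -> float:
    """ALE after the control reduces occurrence rate and/or per-event loss."""
    rate = annual_rate(risk.frequency) * (1.0 - control.rate_reduction)
    loss = risk.loss_per_event * (1.0 - control.loss_reduction)
    return round(rate * loss, 2)


def control_net_benefit(risk: Risk, control: Control) -> float:
    """Positive when the control saves more per year than it costs."""
    saved = expected_annual_loss(risk) - residual_annual_loss(risk, control)
    return round(saved - control.annual_cost, 2)


def qualitative_band(annual_loss: float) -> str:
    """Map a currency figure to a jargon-free band for the report."""
    for band, upper in BAND_THRESHOLDS:
        if annual_loss < upper:
            return band
    return "high"


def rank_risks(risks: list) -> list:
    """Risk names ordered by expected annual loss, largest first."""
    return [r.name for r in sorted(risks, key=expected_annual_loss, reverse=True)]


# Constructed sample register (hypothetical figures).
RANSOMWARE = Risk("ransomware on file server", "software", "once a decade", 500_000.0)
PHISHING = Risk("phishing credential theft", "informational", "once a month", 2_000.0)
OFFLINE_BACKUPS = Control("offline backups", annual_cost=15_000.0,
                          rate_reduction=0.0, loss_reduction=0.8)
MFA = Control("MFA on mail and VPN", annual_cost=8_000.0,
              rate_reduction=0.9, loss_reduction=0.0)

if __name__ == "__main__":
    for risk, control in ((RANSOMWARE, OFFLINE_BACKUPS), (PHISHING, MFA)):
        eal = expected_annual_loss(risk)
        print(f"{risk.name}: {eal:,.2f}/yr ({qualitative_band(eal)}); "
              f"{control.name} net benefit {control_net_benefit(risk, control):,.2f}/yr")
    print("priority:", rank_risks([PHISHING, RANSOMWARE]))
```

The point of running the numbers is the Evaluation step: a "once a decade" event with a large loss can outrank a weekly nuisance, and a control is only worth recommending when its net benefit is positive. The report should still carry the band, not the raw arithmetic, which is the "no jargon" rule in the notes.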