Name: A Typical Journey with Risk
Uploaded: 2021-11-02T01:07:59Z
Duration: 191
Description: Did you know that an organization's risks shift and change over time mirroring its resources available? Click to watch our video on a journey with risk!

A Typical Journey with Risk

Transcription

When I think about how risk assessment looks at each stage of your business journey, it can take different forms. I think about our own company. When we first were operating and we had built our online audit manager, it was running on a web server and a database server with a fire wall, and it was actually sitting on top of a cubicle. I was the only person in the office – I was the only person with a key to that office, and I watched it like a hawk. I was personally responsible for it, and I looked out for the different risks that could physically as well as electronically effect that application. Once we started growing and had more resources, it became for feasible to think about, “well I don’t have the necessary environmental controls in this room. What if the air conditioner goes out and these servers are damaged?” I started thinking about redundancy, “Well what if the power goes out in the building?” We didn’t have the money, at that point, to pay for a data server and all of the controls that are sophisticated in an environment like that, but we did start spending money on additional controls in our office to lock up the environment so that within the walls of our office nobody could get to that. And we put money into backups and batteries and things like that that protected the environment. But finally, as we grew a little bit more, we had the resources to put the application into a data center. We did that because of the risks we were facing. All of our eggs were in that one physical location. We didn’t have generators; we didn’t have 24/7 personnel and we couldn’t afford to do that. But, once we moved it into a data center, we were then addressing some additional risks that we, previously, were willing to accept. And then, finally, it was our journey to the cloud that allowed us to shift our risk once again. We addressed some of the risks that we faced by having our application hosted at a data center that was running on a dedicated server in that environment and we moved it to the cloud. Did we eliminate risk along the way? No. With every change that we made, the risk just shifted, it changed. Now that our application is in the cloud, we’ve been able to access a lot of really great, sophisticated, advanced controls to minimize our risk, but we have different risks now that we’re in the cloud as opposed to where we were in the early days. And so, your risk assessment will look different. You will make different decisions based on the resources that you have available to you, and you will continue to mature and grow as you go through, what is a great process known as risk assessment.

A Typical Journey with Risk

Related Videos

3 Risk Assessment Methodologies

4 Ways to Treat Risk

AWS Controls for Implementing a DMZ

AWS Firewall Manager Centralized Logging

AWS Functions to Restrict Database Access

AWS Incident Response Playbook

AWS Incident Response Playbook for Credential compromise

AWS Incident Response Playbook for Ransomware

AWS Incident Response Playbook for S3 Buckets

AWS Tools for Your SDLC

AWS Web Application Firewall Defaults

Antivirus Solutions on EC2 Instances

Assign Access Based on Business Need to Know

BMIs Culture of Security

Benefits of Risk Management

Best Practices for Change Management in AWS

Best Practices for Password Parameters

Building a Cyber-Resilient Culture

Business Environment

Clients Benefit from BMI's Security Controls

Cloud Attacks on the Rise

Cloud Services Are Assets with Risk

Communicating Risk Assessment Results

Concerned About the ISO 27001 Revisions? Don't Be!

Configuring Network Border Controls

Create an Assessment Together

Creating Unity Through Risk Assessment

Creating a Data Flow Diagram

Creating a Network Diagram

Cyber Threat Intelligence

Define a Password Reset Procedure to Authenticate Requests

Define the Boundaries of Your Systems

Defining Business Continuity and Disaster Recovery

Defining Likelihood and Impact

Defining Risk, Threat and Vulnerability

Definitions for Risk Assessment Components

Deploying Security Patches on EC2 Instances

Determining Impact to Your Assets

Developing a Process for User Authentication

Documenting a Systems Inventory in AWS

Does AWS Provide Vendor Defaults?

Does Zero Risk Exist

Don't Discount Likelihood

Encrypting Traffic In and Out of AWS

Enforce Separation with Access Controls

Enforcing Strong Encryption in AWS

Enforcing Strong TLS Ciphers

Evaluating Likelihood and Impact

HIPAA Risk Analysis

HIPAA Safe Harbor

HIPAA and Risk Analysis

HITRUST and Risk Assessment

How Much Time Does An Assessment Take?

How Often Should We Assess Risk

How To Build Workforce Awareness Around Incident Response

How To Govern the Use of Mobile Devices

How to Define Your Scope

IAM Policies for Account Authentication

ISO 27001 Clause 6.1.1

ISO 27001 Clause 6.1.2

ISO 27001 Risk Assessment Documentation

Identify Your Assets

Identifying and Ranking Vulnerabilities in AWS

Improve Your Security Policy With FBI CJIS

Industry Best Practices for Configuration Standards

Industry Standards for Risk Assessment

Introduction to AWS Network Firewall

Introduction to AWS Security Hub

Introduction to Amazon Detective

Introduction to Amazon EKS

Introduction to Amazon S3 Access Points

Introduction to IAM Access Analyzer

Introduction to NIST SP 800-30

Introduction to NIST SP 800-39

Just start!

Kirkpatrick Price Risk Qualifications

Learn from an Azure Expert

Maintain Logs for Audit Accountability