2. Risk

School: Azerbaijan State Oil and Industrial University
Course: FACULTY OF 45
Subject: Information Systems
Date: Dec 18, 2024
Pages: 2
Uploaded by ColonelFlower15807

Simply put, a risk is the possibility of a negative impact on practically anything (business, financial, security); there are many areas where risk may reside. A vulnerability is a weakness that can be exploited by a threat. Vulnerabilities can be managed whereas a threat cannot. Management of risk is done by applying controls to bring the risk to an acceptable level. Risk can be at different levels in an organization, from a single piece of equipment to a whole department or division.

The likelihood that a threat will exploit a vulnerability depends on the existence of the threat, the vulnerability, and how effective the controls in place are.

RISK ASSESSMENTS

Risk assessments are conducted to identify and determine the impacts of risk, the likelihood and the consequences should a risk materialize. These can help organizations make informed decisions based on the outcome of the assessment. Some risk assessments are required by law, and so they are carried out to comply with these laws and regulations.

For example, there is a risk of a corporate laptop being lost by an employee: the likelihood is the probability that this will occur, and the consequence/impact is equipment and data loss.
A risk assessment highlights this and enables mitigation to be put in place to prevent the consequence from ever materializing.

CONDUCTING AN ASSESSMENT

There are various ways risk assessments are carried out, but the basic steps are below:

• Identifying potential hazards
• Identifying who might be harmed by those hazards
• Evaluating risk (severity and likelihood) and establishing suitable precautions
• Implementing controls and recording your findings
• Reviewing your assessment and re-assessing if necessary

Risk assessments should be dynamic to be effective: they should be periodically reviewed and updated. In the world of cybersecurity, things are always changing at a fast pace, and a risk assessment should change with the risks.

MANAGING RISK

Risk can be managed in four different ways depending on the organisation's risk appetite or objectives.

• Risk Reduction: Risk can be reduced by applying mitigating controls, such as a firewall in front of an internet-facing website.
• Risk Avoidance: Risk can be completely removed by not engaging in a certain activity, such as not allowing employee-owned devices on corporate networks.
• Risk Transfer: Risk can be transferred to another party, such as purchasing cyber attack insurance.
• Risk Acceptance: If a risk is not high enough to warrant mitigating controls and would result in an acceptable impact, a business can choose to accept the risk and take no actions to address it.