Here are the learning outcomes for anyone who needs them (they're all listed at 27:59) What is Risk? Why do we need risk management What is risk management? What is risk assessment? What is risk treatment? What is likelihood, impact, inherent and residual risk? Difference between threat, vulnerability and risk. Difference between asset owner and asset custodian. Difference between risk management and risk assessment. Difference between quantitative, qualitative, and semi-quantitative risk management. The Risk Management Process.
Thank you very much for bringing this up. Yes, in this video the asset valuation is not discussed in specific however, theoretically just in the context of this content, consider it be part of asset identification.
Thank you very much for this video. It came very handy. Would you be able to recommend the academic journals within IT Security Risk Assessment that I could refer to for my literature review? That will be much appreciated.
Hi Phathiswa! Thank you for your kind words. It was encouraging. My apologies, I am no aware about any specific academic journals within the domain. But you can always refer to standardizing bodies and international platforms like SANS for the same.
Hello, i will a writing assignment about information security, security risks, security control, and the application of risk control and risk measures. So, can you help me like you make video as well as notes on it. Please help me.
An excellent way of teaching. Thanks. In video while defining, residual risk = inherent risk - control value However, in overview of risk management process, residual risk = inherent risk divided by control value Which one is right?
Waiver and derogation are just literal jargon. Both of them are related to risk acceptance. Waiver is where management allows you to allow a particular risk open as untreated. Same story is with derogation. The real deal is that what constitutes such waivers and derogation? - If the risk levels are low? If risk likelihood is high but impact is low? Or the benefit realized from a particular thing is far greater in value than the impact of the risk?
Here are the learning outcomes for anyone who needs them (they're all listed at 27:59)
What is Risk?
Why do we need risk management
What is risk management?
What is risk assessment?
What is risk treatment?
What is likelihood, impact, inherent and residual risk?
Difference between threat, vulnerability and risk.
Difference between asset owner and asset custodian.
Difference between risk management and risk assessment.
Difference between quantitative, qualitative, and semi-quantitative risk management.
The Risk Management Process.
Watching it again and it even got better!
good video, Thank you! but need to learn, how to implement this as well :)
Thank you and best of luck ☺️
I will be joining as a Information Security Risk Analyst next month. This will help me prepare. Thank you.
It definitely will. Do let me know on what other topics you would like to hear me on.
You put everything in order and the explanation was so comprehensive
Thank you very much for your kind feedback
I’m an info sec risk analyst for my bank. This is great resource!!
Thank you very much. Really appreciate it!
Hello Ali , Thank you for this helpful video . can you make video about Assent / process Inventory exercise ?
Hi Ali
Would be very helpful if you can provide a link to the actual slide deck itself.
Great video! Thanks for the explanation!
Thank you for your time and effort at creating this. Good job. Keep it up. I learned something new too.
Thank you very much. I really appreciate it.
One of the excellent and crisp explanations that I have seen so far. Thank You so much!
Thank you @ramganesh
Excellent job!! You are great!
Thank you very much!
Excellent content for beginners. Thank you for your effort
Thank you very much Adil.
Great information Ali. I like how you structure and explained the concepts. Keep up the good work!
Thank you very much!
Very good content. Thanks for sharing this
Thank you for your feedback @mayankraj2806. Really appreciate it
Are we not considering the process value/asset value for risk score calculation?
Thank you very much for bringing this up. Yes, in this video the asset valuation is not discussed in specific however, theoretically just in the context of this content, consider it be part of asset identification.
Wow…. Great explanation and well organized. 👏👏👏
Thank you very much Asanka!
Excellent Mr Ali!!
Thank you very much Ram!
Quite helpful and interesting, thank you
Thank you very much Mamta!
Thanks for the session , I guess in 18:01 , it should be NIST SP 800-30 in place of NIST SP 800-50 .
Thank you! and Absolutely. Apologies from my end. Will manage the rectification.
This is a great overview.
Thank you
Thank you for the informative information. Do you have a default template to use?
Thanks Tausef. Unfortunately, no.
Very easy understanding. Thanks for such working.
Thank you very much Javed! Really appreciate it.
It was informative, Ali! Thanks for the video
Thank you very much Ahmed. Really appreciate it.
Nice initiative Ali.. 👍😇
Good one.
Thank you!
very good work..appreciate it
Thanks Rohit
Excellent delivery. Thank you.
Thank you very much Kester. I really appreciate it.
Thank you, extremely helpful
Thank you very much for this video. It came very handy. Would you be able to recommend the academic journals within IT Security Risk Assessment that I could refer to for my literature review? That will be much appreciated.
Hi Phathiswa!
Thank you for your kind words. It was encouraging.
My apologies, I am no aware about any specific academic journals within the domain. But you can always refer to standardizing bodies and international platforms like SANS for the same.
@@aliqureshi2227 so much appreciated Ali. I found something I could use by U Kumar plus the standards. Have a blessed new year 🙏
Hello, i will a writing assignment about information security, security risks, security control, and the application of risk control and risk measures. So, can you help me like you make video as well as notes on it. Please help me.
An excellent way of teaching. Thanks.
In video while defining,
residual risk = inherent risk - control value
However, in overview of risk management process,
residual risk = inherent risk divided by control value
Which one is right?
Thank you very much. I would recommend to use division as it leads to a reasonable residual risk value.
Very concise and informative.
Thank you very much Kaleem!
What is the meaning of waiver and Derogation? in risk treatment.
Waiver and derogation are just literal jargon.
Both of them are related to risk acceptance. Waiver is where management allows you to allow a particular risk open as untreated. Same story is with derogation.
The real deal is that what constitutes such waivers and derogation? - If the risk levels are low? If risk likelihood is high but impact is low? Or the benefit realized from a particular thing is far greater in value than the impact of the risk?
Keep up the good work ❤️
Thank you Ziyad!
👌🏻❤
Great
Thank you
Thank you
You're welcome Jason.
Nice !
Thanks 🙏
If u a notes please send it
@16:45
I am sorry. Can you please translate that in to English if that is a question?
@@aliqureshi2227 Oops sorry mate i marked the timeline for my purpose
So that i can resume the video later from where i left it off
@@TVVDINAKARAN No problem! :)
انت مين
النبي عربي ياعلوه