CRISC

Course
Time: 6 hours 30 minutes
Difficulty: Advanced
CEU/CPE: 7

Video Transcription

00:01
Now, of course, we also have to always think about what's coming, what's down the line. And the problem about that is you don't know what you don't know. So we have these trends, these emerging risks, where we can kind of get an idea of what's on the horizon. But then always something kind of comes in out of left field.
00:21
I remember the first time we started hearing about ransomware attacks,
00:25
and so many organizations were caught off guard because that just wasn't part of their current risk management strategy. So we have to think about the fact that new threats and vulnerabilities are ultimately continuing to emerge, just like they always have.
00:42
And they come from all sorts of different sources.
00:46
So we can't forget the fact that our internal employees pose the greatest risk to us. You know, if you're looking where fraud comes from, from the inside,
00:56
we have to think about contractors as well and business partners, anybody that we're allowing into our environment. Well, they're gonna have a little bit better access or a little bit more control or access, however you want to say that, than the external attackers
01:14
and when we look at these. You know, I've talked about malicious attacks. These were great stunts come from. But remember, too, only about 1/3 of security violations from the inside are malicious. So you've got 2/3 of these attacks that are just accidents.
01:30
And really, that's where the network administrator
01:34
and that's where risk management comes into play, is how can we limit what our employees do, intentionally or unintentionally,
01:42
and yet still allow them to perform their work functions.
01:48
Then we've also got to consider about cyber, credible criminals, state-sponsored criminals. They're even, you know, when you look at the black hat community, often there are competitions directed at specific organizations
02:02
that you know they're turning it into a competitive environment, who can denial of service, this system or this company or another,
02:09
and then something that we've seen quite a bit of over the last four or five years has been hacktivism where folks with, um, you know, with hackers that have a beef, so to speak, with an organization, or perhaps a political group or whatever
02:28
launching denial of service attacks have been very popular
02:31
to take Visa or MasterCard down because they don't like limitations that they put on WikiLeaks. For instance, Visa, MasterCard, ah, had cut off the resources, the financial resources, to WikiLeaks over
02:46
Ah, several of the instances that they, you know, several security breaches.
02:52
And so the hacktivists came back and said, Okay, we'll take you offline for, uh, you know, minutes, hours, however. So these are kind of some trends that we're starting to see, and we have to think about the future, have to think about the future. And sometimes
03:07
we're so focused on mitigating the last risk
03:12
that hit us that we're not thinking of the future. If you're preparing for the risk that hit you today, you're behind. You're already behind. So we have to look at the new technologies. You know, I've mentioned threat modeling and will continue to talk about threat modeling throughout.
03:30
We've gotta look at new technologies from that standpoint
03:32
as well.
03:34
And if you don't have your eye on the future like I said, we're not going to notice the trends that are emerging. We're not gonna properly evaluate the new technology, and we're not gonna be a proactive organisation.
03:50
We're gonna be a reactive

CRISC

This course on Certified in Risk and Information Systems Control is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance.

Instructed By

Kelly Handerhan
Senior Instructor