Risk analysis is the first step towards managing risks, particularly when it comes to cyber risks. This recorded webinar introduces and explains key concepts, with links to several useful risk assessment tools.

Information technology brings many benefits to a business, but it also brings risks. Knowing how to assess and manage those cyber risks is essential for success, as well as a powerful hedge against many of the threats that your business faces, whether you are an established firm or a pioneering startup. In this recorded webinar I introduce the basics of risk analysis and the core concepts involved in assessing your organization’s cybersecurity.

During my research in preparation for this webinar I gathered together links to several free risk assessment resources you might want to check out, particularly if you are exploring this aspect of security for the first time.

HHS Basics of Risk Analysis and Risk Management: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/riskassessment.pdf

NIST Guide for Conducting Risk Assessments: http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

2015 ISACA and RSA Conference Survey: http://www.isaca.org/cyber/Documents/State-of-Cybersecurity_Res_Eng_0415.pdf

CompTIA Security Assessment Wizard: https://www.comptia.org/communities/it-security/documents/security-assessment-wizard

HHS Security Risk Assessment Tool: http://www.healthit.gov/providers-professionals/security-risk-assessment

DHS Cyber Security Evaluation Tool: https://ics-cert.us-cert.gov/Assessments

CERT OCTAVE (Operationally Critical Threat Asset & Vulnerability Evaluation) Allegro Version: http://www.cert.org/resilience/products-services/octave



Of these, the OCTAVE Allegro methodology from CERT may be the most practical for smaller businesses or organizations that are beginning the risk assessment and management process.

So, I hope you find the webinar helpful. Feel free to leave a comment if you think I missed important stuff, or if you think I got things wrong (or right).






Note: You may be asked to register to watch, but there is no charge, and you only have to register once to see a whole bunch of security webinars recorded by myself and my fellow researchers.