title
Introduction to Risk Assessment

description
Info Level: Beginner Presenter: Eli the Computer Guy Date Created: October 12, 2010 Length of Class: 57 Minutes Tracks Computer Security /Integrity Prerequisites None Purpose of Class This class teaches students the basic concepts behind Risk Assessments. Topics Covered Defining Risk, Threat and Vulnerability Types of Protections Mitigation Concepts Business Rational for Risk Assessment and Management Class Notes Introduction The better you know technology the better you will do with Risk Assessment/ Management. Risk Risk = Treat x Vulnerability Overview of Risk Risk is defined as the likelihood of financial loss. Risk is a business concepts not a technological one. Down Time Fraud Legal data loss issues Hacking -- Attacks from your network Data Theft (Trade Secrets) Overview of Threat i. Natural Disatser ii. Malicious Human iii. Accidental Human iv. System Failure Impersonation Interception Interference Overview of Vulnerability Flooding Theft of Systems Hacking Viruses Overview of Protections Technoloigical Safe Guards Physical/ Operational Security Disaster Plan Documentation Technological Safeguards (Firewalls, Antivirus) Concepts of Mitigation Incident - Response - Debrief - Mitigation Making Bad not so bad You will never be safe Security Buy In and Quantifying Risk The business leaders will make the final decision on Risk Management The better your BUSINESS argument the more likely you are to get the go ahead. What is the cost of downtime What is the legal cost Cost of Security vs. Benefit Final Thoughts Risk is a BUSINESS concept! The more you understand about business and can talk about financial ramifications the more likely you are to get you fancy new security equipment. Resources US Computer Emergency Readiness Team

detail
{'title': 'Introduction to Risk Assessment', 'heatmap': [{'end': 454.027, 'start': 411.055, 'weight': 0.75}, {'end': 1102.255, 'start': 988.661, 'weight': 0.784}, {'end': 1376.627, 'start': 1306.042, 'weight': 0.774}, {'end': 1834.409, 'start': 1785.642, 'weight': 0.821}, {'end': 2544.148, 'start': 2440.634, 'weight': 0.709}, {'end': 3429.738, 'start': 3403.104, 'weight': 0.831}], 'summary': 'Provides an introduction to risk assessment, covering topics such as business threats, network and information system threats, system vulnerabilities and protections, it security measures, security breach response, disaster recovery and mitigation, and business justification for security measures, with practical examples and quantifiable data to mitigate risks.', 'chapters': [{'end': 836.323, 'segs': [{'end': 59.003, 'src': 'embed', 'start': 31.781, 'weight': 2, 'content': [{'end': 40.55, 'text': 'Risk is simply the concept of the likelihood of loss, the likelihood that the business is going to lose money.', 'start': 31.781, 'duration': 8.769}, {'end': 47.738, 'text': 'So what is the risk of a computer shutting down and how much money will that cost the business?', 'start': 40.67, 'duration': 7.068}, {'end': 59.003, 'text': 'One of the things that you should think about is in order to do risk assessment properly, you have to understand both technology and business.', 'start': 48.278, 'duration': 10.725}], 'summary': 'Risk assessment involves understanding technology and business to mitigate financial losses.', 'duration': 27.222, 'max_score': 31.781, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g31781.jpg'}, {'end': 239.899, 'src': 'embed', 'start': 206.913, 'weight': 0, 'content': [{'end': 212.216, 'text': 'So, if your systems go down, how much money will you lose because of downtime, etc.', 'start': 206.913, 'duration': 5.303}, {'end': 215.498, 'text': 'So, risk is a business concept.', 'start': 212.596, 'duration': 2.902}, {'end': 219.601, 'text': "So, this is a big thing to understand when you're going in to do risk assessment.", 'start': 215.538, 'duration': 4.063}, {'end': 227.607, 'text': "So, when you're thinking about risk and when you're thinking about loss to your business, loss can come from a number of different places.", 'start': 220.122, 'duration': 7.485}, {'end': 229.268, 'text': 'So, you could have downtime.', 'start': 227.947, 'duration': 1.321}, {'end': 239.899, 'text': "Downtime, of course, is the server is down, whether it's viruses, whether it's a power supply blowing, whatever it is.", 'start': 231.397, 'duration': 8.502}], 'summary': 'Understanding risk assessment is crucial for minimizing business losses, including downtime costs.', 'duration': 32.986, 'max_score': 206.913, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g206913.jpg'}, {'end': 454.027, 'src': 'heatmap', 'start': 411.055, 'weight': 0.75, 'content': [{'end': 414.978, 'text': 'So risk equals threat times vulnerability.', 'start': 411.055, 'duration': 3.923}, {'end': 423.803, 'text': 'So the likelihood of loss equals what the threat is times how vulnerable your system is.', 'start': 415.398, 'duration': 8.405}, {'end': 430.487, 'text': "So basically, if you're worried about somebody hacking your system, the threat is hackers.", 'start': 424.203, 'duration': 6.284}, {'end': 434.07, 'text': 'your. your systems are very vulnerable.', 'start': 432.109, 'duration': 1.961}, {'end': 441.977, 'text': "there's no antivirus software, there's no, there's no firewall then your risk is high, because threat is high.", 'start': 434.07, 'duration': 7.907}, {'end': 443.798, 'text': 'vulnerability is high.', 'start': 441.977, 'duration': 1.821}, {'end': 446.621, 'text': 'therefore, risk is high.', 'start': 443.798, 'duration': 2.823}, {'end': 454.027, 'text': "now on that, if you're worried about hackers but you have good firewalls and you have good antivirus software, etc.", 'start': 446.621, 'duration': 7.406}], 'summary': 'Risk equals threat multiplied by vulnerability, impacting likelihood of loss and risk level.', 'duration': 42.972, 'max_score': 411.055, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g411055.jpg'}, {'end': 543.687, 'src': 'embed', 'start': 513.885, 'weight': 1, 'content': [{'end': 521.89, 'text': 'The big thing, all I would say, is with this equation, is remember that anything times zero is zero.', 'start': 513.885, 'duration': 8.005}, {'end': 531.098, 'text': 'So if you have zero threat times a high vulnerability, your risk is still zero.', 'start': 522.871, 'duration': 8.227}, {'end': 543.687, 'text': "So yeah, so if you're very vulnerable to tornadoes, but you're in a place that doesn't have any tornadoes, then your risk is zero.", 'start': 532.479, 'duration': 11.208}], 'summary': 'Remember, zero threat times high vulnerability equals zero risk.', 'duration': 29.802, 'max_score': 513.885, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g513885.jpg'}], 'start': 5.438, 'title': 'Risk assessment and business threats', 'summary': "Introduces risk assessment, emphasizing the need to understand technology and business, and discusses business risks including financial losses, legal issues, and data theft. it also highlights the equation 'risk = threat times vulnerability' and emphasizes considering natural disasters as a significant threat to business systems.", 'chapters': [{'end': 256.322, 'start': 5.438, 'title': 'Intro to risk assessment', 'summary': 'Discusses the concept of risk assessment, emphasizing the importance of understanding both technology and business, and highlights the need for considering business justifications for security solutions in addition to technological solutions.', 'duration': 250.884, 'highlights': ['Risk is the likelihood of financial loss for a business due to system downtime or security breaches. Emphasizes the concept of risk as the likelihood of financial loss for a business due to system downtime or security breaches.', 'Understanding both technology and business is crucial for effective risk assessment. Stresses the crucial role of understanding both technology and business for effective risk assessment.', 'Business justifications for implementing security solutions are crucial in risk assessment, not just technological solutions. Underlines the importance of considering business justifications for implementing security solutions in addition to technological solutions in risk assessment.']}, {'end': 836.323, 'start': 256.902, 'title': 'Business risks and threats', 'summary': "Discusses various business risks including financial losses from fraud, legal issues, and data theft, and highlights the equation 'risk = threat times vulnerability' to assess risk levels, emphasizing the importance of considering natural disasters as a significant threat to business systems.", 'duration': 579.421, 'highlights': ["The equation 'risk = threat times vulnerability' is emphasized to assess risk levels, indicating that the likelihood of loss equals the threat multiplied by the system's vulnerability. Emphasis on assessing risk levels using the equation 'risk = threat times vulnerability'.", "The importance of considering natural disasters as a significant threat to business systems is highlighted, with a specific example of a flood affecting a client's server room, prompting the need to relocate it to a more secure location on the second floor. Emphasizes the significance of natural disasters as a threat to business systems, with a specific example of a flood affecting a client's server room.", 'Various business risks are discussed, including financial losses from fraud, legal issues, and data theft, highlighting the potential impact on businesses and the importance of considering these risks in assessments. Discussion of various business risks and their potential impact on businesses.']}], 'duration': 830.885, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g5438.jpg', 'highlights': ['Understanding both technology and business is crucial for effective risk assessment.', "Emphasis on assessing risk levels using the equation 'risk = threat times vulnerability'.", 'The importance of considering natural disasters as a significant threat to business systems is highlighted.', 'Various business risks are discussed, including financial losses from fraud, legal issues, and data theft.']}, {'end': 1290.874, 'segs': [{'end': 865.376, 'src': 'embed', 'start': 837.063, 'weight': 2, 'content': [{'end': 840.605, 'text': 'The next flood might be in another 100 years or it might be tomorrow.', 'start': 837.063, 'duration': 3.542}, {'end': 842.126, 'text': 'So look at that.', 'start': 840.785, 'duration': 1.341}, {'end': 848.349, 'text': 'What are the possibilities for natural disasters? The next thing, of course, that can happen is system failure.', 'start': 842.246, 'duration': 6.103}, {'end': 856.989, 'text': "So when you're looking for threats, of course, the threat of system failure is always there.", 'start': 851.144, 'duration': 5.845}, {'end': 865.376, 'text': 'What can make the threat of system failure higher is are you guys buying high quality components?', 'start': 857.609, 'duration': 7.767}], 'summary': 'Be prepared for natural disasters and system failures by considering the possibilities and investing in high quality components.', 'duration': 28.313, 'max_score': 837.063, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g837063.jpg'}, {'end': 914.248, 'src': 'embed', 'start': 890.44, 'weight': 1, 'content': [{'end': 898.274, 'text': "When you're going in, when you're looking at your business or your client's business, What is the quality of the equipment that they are using?", 'start': 890.44, 'duration': 7.834}, {'end': 902.859, 'text': 'Are they using Cisco equipment or are they using some weird Chinese knockoff?', 'start': 898.394, 'duration': 4.465}, {'end': 904.761, 'text': "You know they're computers.", 'start': 903.199, 'duration': 1.562}, {'end': 909.806, 'text': 'Are they, you know, a name, brand, high quality manufacturer?', 'start': 905.101, 'duration': 4.705}, {'end': 914.248, 'text': 'Or are they something that they could just buy a dozen of off the internet for $100??', 'start': 910.306, 'duration': 3.942}], 'summary': 'Assess the quality of equipment used in the business, such as cisco vs. knockoff, and high-quality vs. low-cost options.', 'duration': 23.808, 'max_score': 890.44, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g890440.jpg'}, {'end': 1102.255, 'src': 'heatmap', 'start': 981.456, 'weight': 0, 'content': [{'end': 988.401, 'text': 'What is the threat that somebody is accidentally going to delete the contact database and not mean to do it?', 'start': 981.456, 'duration': 6.945}, {'end': 999.93, 'text': "What is the threat that somebody is going to go in and reconfigure all the network settings on the server and I've seen this done before and basically shut the entire server and the entire network down?", 'start': 988.661, 'duration': 11.269}, {'end': 1004.571, 'text': 'What is the threat of a human accidentally doing something?', 'start': 1000.53, 'duration': 4.041}, {'end': 1009.912, 'text': "Whether it's a boss, whether it's a secretary, whether it's the technician?", 'start': 1004.851, 'duration': 5.061}, {'end': 1011.453, 'text': 'Sometimes technicians, believe me.', 'start': 1009.992, 'duration': 1.461}, {'end': 1013.393, 'text': 'Again, I had technical employees.', 'start': 1011.933, 'duration': 1.46}, {'end': 1015.654, 'text': 'Sometimes they just do retarded stuff.', 'start': 1013.573, 'duration': 2.081}, {'end': 1019.274, 'text': 'So the threat of accidental human problems.', 'start': 1016.054, 'duration': 3.22}, {'end': 1026.236, 'text': 'And then finally, the threat that you are most accustomed to thinking about, of course, is malicious.', 'start': 1020.055, 'duration': 6.181}, {'end': 1030.549, 'text': 'human threat.', 'start': 1029.146, 'duration': 1.403}, {'end': 1038.619, 'text': 'So this is where somebody comes in and they steal the server, they hack your accounts, they do identity theft, etc.', 'start': 1031.01, 'duration': 7.609}, {'end': 1041.063, 'text': 'So these are people with malicious intent.', 'start': 1038.7, 'duration': 2.363}, {'end': 1044.748, 'text': "Now realize, now look at this, I've done threats and this is the last threat.", 'start': 1041.704, 'duration': 3.044}, {'end': 1053.137, 'text': "So that's four threats And only one of those is actually the malicious, the stuff that you think about as a normal threat.", 'start': 1045.088, 'duration': 8.049}, {'end': 1059.843, 'text': "So now when we're talking about malicious human stuff, the first thing that we talk about is something called impersonation.", 'start': 1053.637, 'duration': 6.206}, {'end': 1064.488, 'text': 'The second thing is interception.', 'start': 1062.286, 'duration': 2.202}, {'end': 1070.234, 'text': 'And the third is interference.', 'start': 1068.252, 'duration': 1.982}, {'end': 1077.522, 'text': 'So these are the broad technical terms, I suppose, of what malicious humans can do to you.', 'start': 1071.519, 'duration': 6.003}, {'end': 1081.604, 'text': 'So if you start with the first one, the first one is interference.', 'start': 1078.082, 'duration': 3.522}, {'end': 1088.528, 'text': 'So what interference is, is basically where somebody just damages your business.', 'start': 1082.685, 'duration': 5.843}, {'end': 1092.13, 'text': "They're not stealing information.", 'start': 1090.509, 'duration': 1.621}, {'end': 1094.011, 'text': "They're not stealing data.", 'start': 1092.15, 'duration': 1.861}, {'end': 1095.151, 'text': "They're not doing fraud.", 'start': 1094.051, 'duration': 1.1}, {'end': 1097.352, 'text': 'They just basically damage your business.', 'start': 1095.531, 'duration': 1.821}, {'end': 1102.255, 'text': 'So this is where somebody comes in and they steal your server.', 'start': 1097.492, 'duration': 4.763}], 'summary': 'The transcript discusses the threats posed by accidental and malicious human actions, with a focus on interference, interception, and impersonation.', 'duration': 49.093, 'max_score': 981.456, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g981456.jpg'}, {'end': 1159.246, 'src': 'embed', 'start': 1131.158, 'weight': 4, 'content': [{'end': 1134.439, 'text': 'anything more than damaging your business uh.', 'start': 1131.158, 'duration': 3.281}, {'end': 1139.101, 'text': 'this may be you can see this now i say october of two thousand ten uh.', 'start': 1134.439, 'duration': 4.662}, {'end': 1141.482, 'text': 'you know we have all these copyright uh.', 'start': 1139.101, 'duration': 2.381}, {'end': 1143.382, 'text': 'lawsuits going on right now.', 'start': 1141.482, 'duration': 1.9}, {'end': 1152.265, 'text': 'well, a lot of the hacking groups out there are targeting websites of these copyright organizations and just trying to bring them down,', 'start': 1143.382, 'duration': 8.883}, {'end': 1154.965, 'text': 'doing denial of service, attacks, etc.', 'start': 1152.265, 'duration': 2.7}, {'end': 1159.246, 'text': "So they're not stealing any information or doing any of that.", 'start': 1155.326, 'duration': 3.92}], 'summary': "Hacking groups are targeting copyright organizations' websites, causing denial of service attacks, without stealing any information.", 'duration': 28.088, 'max_score': 1131.158, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1131158.jpg'}], 'start': 837.063, 'title': 'Network and information system threats', 'summary': 'Outlines the impact of component quality on natural disasters and system failures, and discusses risks associated with system failure, accidental human interference, and malicious human threats, with a focus on types of malicious activities - interference, interception, and impersonation.', 'chapters': [{'end': 909.806, 'start': 837.063, 'title': 'Threats to network systems', 'summary': 'Outlines the possibilities of natural disasters and system failures, emphasizing the impact of component quality on the threat level, with an example of cisco and linksys equipment.', 'duration': 72.743, 'highlights': ['The threat of system failure is always there, and it can be heightened by using low-quality components such as secondhand Linksys gear.', 'The quality of equipment, such as using Cisco equipment versus low-quality manufacturers, impacts the threat level of system failure.', 'The possibilities for natural disasters are unpredictable, with the next flood potentially occurring in 100 years or tomorrow.']}, {'end': 1290.874, 'start': 910.306, 'title': 'Threats to information systems', 'summary': 'Discusses the threats to information systems, highlighting the risks associated with system failure, accidental human interference, and malicious human threats, with a focus on the types of malicious activities - interference, interception, and impersonation.', 'duration': 380.568, 'highlights': ['The threat of system failure increases with the use of lesser quality equipment, while high-quality equipment reduces the risk of system failure. The threat of system failure is relatively low with high-quality equipment, and relatively high with bargain basement stuff.', 'Accidental human interference poses a significant threat, including the risk of data deletion, network settings reconfiguration, and other unintentional actions by employees. The threat of accidental human interference encompasses the possibility of data deletion, network settings reconfiguration, and other unintentional actions, affecting the system and network.', 'Malicious human threats encompass impersonation, interception, and interference, with a focus on damaging the business, stealing data, and identity theft. Malicious human threats include interference, interception (classical hacking), and impersonation (identity theft), which aim to damage the business, steal data, and assume the identity of others.', 'Natural disasters also pose a significant threat to information systems, and it is important to consider and address these risks as well. Natural disasters, such as floods, should not be overlooked as they can have a significant impact on information systems, and it is essential to address and mitigate these risks.']}], 'duration': 453.811, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g837063.jpg', 'highlights': ['The threat of system failure is heightened by using low-quality components such as secondhand Linksys gear.', 'The quality of equipment impacts the threat level of system failure.', 'The possibilities for natural disasters are unpredictable, with the next flood potentially occurring in 100 years or tomorrow.', 'High-quality equipment reduces the risk of system failure.', 'Accidental human interference poses a significant threat, including the risk of data deletion and network settings reconfiguration.', 'Malicious human threats encompass impersonation, interception, and interference, with a focus on damaging the business, stealing data, and identity theft.', 'Natural disasters also pose a significant threat to information systems, and it is important to consider and address these risks.']}, {'end': 1646.53, 'segs': [{'end': 1401.182, 'src': 'heatmap', 'start': 1306.042, 'weight': 2, 'content': [{'end': 1308.824, 'text': "It's just where they do because we all do something dumb sometimes.", 'start': 1306.042, 'duration': 2.782}, {'end': 1312.167, 'text': 'So those are the threats that you have to worry about.', 'start': 1308.964, 'duration': 3.203}, {'end': 1317.072, 'text': 'Again, the higher the possibility that one of these things happen, the higher the threat level.', 'start': 1312.567, 'duration': 4.505}, {'end': 1325.561, 'text': "So let's have an overview of vulnerabilities then.", 'start': 1322.979, 'duration': 2.582}, {'end': 1326.301, 'text': "Let's talk.", 'start': 1325.881, 'duration': 0.42}, {'end': 1327.401, 'text': 'So we talked about threats.', 'start': 1326.341, 'duration': 1.06}, {'end': 1330.503, 'text': 'So these are the outside forces that could attack your system.', 'start': 1327.462, 'duration': 3.041}, {'end': 1333.865, 'text': 'So what are the vulnerabilities of your system?', 'start': 1330.963, 'duration': 2.902}, {'end': 1340.508, 'text': 'What protections do you have in place to protect your systems from these threats?', 'start': 1333.985, 'duration': 6.523}, {'end': 1342.369, 'text': 'And then, what holes are there?', 'start': 1340.608, 'duration': 1.761}, {'end': 1345.531, 'text': "So when we're talking about vulnerabilities,", 'start': 1342.809, 'duration': 2.722}, {'end': 1356.768, 'text': 'You basically start talking about what do you have set up that protects your systems from these types of threats?', 'start': 1349.5, 'duration': 7.268}, {'end': 1366.499, 'text': "So, if you're talking about natural disasters, what protections have you set up for these natural disasters?", 'start': 1357.249, 'duration': 9.25}, {'end': 1376.627, 'text': 'So if you are in a floodplain and your server room is on the first floor of the building, then you are very vulnerable to a flood.', 'start': 1366.559, 'duration': 10.068}, {'end': 1383.471, 'text': "Whereas if you put the server on the second floor of the building, you're not that vulnerable to a flood.", 'start': 1377.067, 'duration': 6.404}, {'end': 1391.617, 'text': "So, basically, if a flood, if this actually occurs, what are the chances that it's actually going to damage the system?", 'start': 1383.832, 'duration': 7.785}, {'end': 1401.182, 'text': 'When we talk about system failure, as I said, What are your vulnerabilities to system failure?', 'start': 1392.297, 'duration': 8.885}], 'summary': 'Assess vulnerabilities and threats to protect systems effectively.', 'duration': 95.14, 'max_score': 1306.042, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1306042.jpg'}, {'end': 1581.499, 'src': 'embed', 'start': 1559.99, 'weight': 0, 'content': [{'end': 1568.713, 'text': "So this is your vulnerability to somebody actually coming in and stealing or doing something nefarious to your systems when you're talking about things like interception.", 'start': 1559.99, 'duration': 8.723}, {'end': 1573.335, 'text': 'So again, as we talked about with classical hacking, what is your vulnerability to that??', 'start': 1569.053, 'duration': 4.282}, {'end': 1576.797, 'text': 'Do you have first class firewalls set up??', 'start': 1573.835, 'duration': 2.962}, {'end': 1579.878, 'text': 'Do you have antivirus systems set up??', 'start': 1577.657, 'duration': 2.221}, {'end': 1581.499, 'text': 'Do you have malware systems set up??', 'start': 1579.898, 'duration': 1.601}], 'summary': 'Assess vulnerability to hacking and set up defenses like firewalls, antivirus, and malware systems.', 'duration': 21.509, 'max_score': 1559.99, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1559990.jpg'}, {'end': 1646.53, 'src': 'embed', 'start': 1599.408, 'weight': 1, 'content': [{'end': 1606.831, 'text': "If you don't have antivirus on your systems and you don't have a firewall and anybody can do whatever the hell they want on their computers,", 'start': 1599.408, 'duration': 7.423}, {'end': 1609.293, 'text': 'then your vulnerability to interception is very high.', 'start': 1606.831, 'duration': 2.462}, {'end': 1611.974, 'text': 'Anybody in the world can probably come in and hack your systems.', 'start': 1609.393, 'duration': 2.581}, {'end': 1614.735, 'text': 'And then finally, things like impersonation.', 'start': 1612.274, 'duration': 2.461}, {'end': 1616.376, 'text': 'Again, this goes to.', 'start': 1615.175, 'duration': 1.201}, {'end': 1620.917, 'text': 'You know how well do you do things like destroy documentation?', 'start': 1617.236, 'duration': 3.681}, {'end': 1629.081, 'text': "So if you're worried about identity theft, do you shred all of the information that might be valuable?", 'start': 1621.278, 'duration': 7.803}, {'end': 1632.002, 'text': 'You know when Eli, the Computer Guy, the repair shop, was around,', 'start': 1629.381, 'duration': 2.621}, {'end': 1644.449, 'text': 'I had five shredders in this building because any piece of paperwork that had any information about the client had to be shredded after work on their computer was done.', 'start': 1632.962, 'duration': 11.487}, {'end': 1645.63, 'text': "We didn't keep passwords.", 'start': 1644.589, 'duration': 1.041}, {'end': 1646.53, 'text': "We didn't keep any of that.", 'start': 1645.65, 'duration': 0.88}], 'summary': 'Without antivirus and firewall, vulnerability to interception is high; shredding valuable information reduces identity theft risk.', 'duration': 47.122, 'max_score': 1599.408, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1599408.jpg'}], 'start': 1291.254, 'title': 'System vulnerabilities and protections', 'summary': 'Discusses threats and vulnerabilities to systems, emphasizing the impact of equipment quality, protections against natural disasters, and human errors. it also emphasizes the importance of setting up proper permissions, security systems, and physical protections to mitigate the risk of data deletion, theft, interception, and impersonation.', 'chapters': [{'end': 1434.946, 'start': 1291.254, 'title': 'System vulnerabilities and threats', 'summary': 'Discusses the threats and vulnerabilities to systems, emphasizing the impact of equipment quality on system failures, and the importance of protections against natural disasters and human errors.', 'duration': 143.692, 'highlights': ['The higher the quality of the equipment you buy, the less likelihood of system failures, emphasizing the impact of equipment quality on system reliability.', 'Protection measures against natural disasters, such as placing servers on higher floors to reduce vulnerability to floods, are discussed, highlighting the importance of physical safeguards.', 'The vulnerabilities to system failure are influenced by the quality of the components, with high-quality components resulting in lower vulnerability, contrasting with the higher vulnerability associated with low-quality components.']}, {'end': 1646.53, 'start': 1434.946, 'title': 'Protecting systems from human interference', 'summary': 'Discusses the vulnerabilities to accidental and malicious human interference, emphasizing the importance of setting up proper permissions, security systems, and physical protections to mitigate the risk of data deletion, theft, interception, and impersonation.', 'duration': 211.584, 'highlights': ['Setting up correct permissions and group policies can significantly reduce the vulnerability to accidental data deletion, as individuals without the rights to delete files or folders will be unable to do so.', 'Implementing physical security measures such as a dedicated server room with a steel door and proper locks can greatly lower the vulnerability to theft of server equipment.', 'Having first-class firewalls, antivirus systems, and malware protection in place can substantially reduce the vulnerability to interception and hacking, while the absence of such security measures poses a high risk of interception and hacking.', 'Properly destroying sensitive documentation, such as shredding paperwork containing valuable information, can minimize the vulnerability to impersonation and identity theft.']}], 'duration': 355.276, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1291254.jpg', 'highlights': ['The higher the quality of the equipment you buy, the less likelihood of system failures, emphasizing the impact of equipment quality on system reliability.', 'Protection measures against natural disasters, such as placing servers on higher floors to reduce vulnerability to floods, are discussed, highlighting the importance of physical safeguards.', 'Setting up correct permissions and group policies can significantly reduce the vulnerability to accidental data deletion, as individuals without the rights to delete files or folders will be unable to do so.', 'Implementing physical security measures such as a dedicated server room with a steel door and proper locks can greatly lower the vulnerability to theft of server equipment.', 'Having first-class firewalls, antivirus systems, and malware protection in place can substantially reduce the vulnerability to interception and hacking, while the absence of such security measures poses a high risk of interception and hacking.']}, {'end': 2085.054, 'segs': [{'end': 1834.409, 'src': 'heatmap', 'start': 1785.642, 'weight': 0.821, 'content': [{'end': 1792.364, 'text': "Now, of course, the first thing that everybody thinks about, because we're all computer people, are the technological safeguards.", 'start': 1785.642, 'duration': 6.722}, {'end': 1796.685, 'text': 'So things like do you have firewalls set up??', 'start': 1792.784, 'duration': 3.901}, {'end': 1799.486, 'text': 'Do you have group policies set up??', 'start': 1797.065, 'duration': 2.421}, {'end': 1802.547, 'text': 'Do you have antivirus software?', 'start': 1800.126, 'duration': 2.421}, {'end': 1810.091, 'text': 'So these are the technological ways that you can protect your systems.', 'start': 1804.286, 'duration': 5.805}, {'end': 1812.633, 'text': 'Do you have a good backup system??', 'start': 1810.191, 'duration': 2.442}, {'end': 1816.597, 'text': 'Do you have some kind of redundancy, some kind of clustering system??', 'start': 1812.974, 'duration': 3.623}, {'end': 1819.74, 'text': 'Firewalls policies, antivirus sharing, et cetera?', 'start': 1816.717, 'duration': 3.023}, {'end': 1824.704, 'text': 'These are all technological solutions where you can go out and you can buy a server,', 'start': 1820.14, 'duration': 4.564}, {'end': 1834.409, 'text': 'or You can buy a router or any of that and configure it to try to protect your systems, not just, like I say, from hackers and viruses coming in,', 'start': 1824.704, 'duration': 9.705}], 'summary': 'Implementing technological safeguards like firewalls, group policies, antivirus, backup systems, and redundancy can protect systems from threats like hackers and viruses.', 'duration': 48.767, 'max_score': 1785.642, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1785642.jpg'}, {'end': 1927.285, 'src': 'embed', 'start': 1900.829, 'weight': 1, 'content': [{'end': 1907.314, 'text': "So what physical security means is it's actual the physical security for your devices and for your systems.", 'start': 1900.829, 'duration': 6.485}, {'end': 1910.437, 'text': 'Do you have a good lock on the door??', 'start': 1907.895, 'duration': 2.542}, {'end': 1912.438, 'text': 'So you know if you are.', 'start': 1910.957, 'duration': 1.481}, {'end': 1919.422, 'text': 'If all your computers are in a building, is there a good lock on the front door of the building??', 'start': 1913.499, 'duration': 5.923}, {'end': 1921.443, 'text': 'Can anybody in the world break in??', 'start': 1919.742, 'duration': 1.701}, {'end': 1924.904, 'text': 'Physical security deals with this.', 'start': 1922.243, 'duration': 2.661}, {'end': 1927.285, 'text': 'So this is where, like I say,', 'start': 1925.905, 'duration': 1.38}], 'summary': 'Physical security ensures protection for devices and systems through measures like locks on doors and buildings.', 'duration': 26.456, 'max_score': 1900.829, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1900829.jpg'}, {'end': 1991.959, 'src': 'embed', 'start': 1955.283, 'weight': 0, 'content': [{'end': 1960.75, 'text': 'They then have to continuously break into all these doors in order to steal computers.', 'start': 1955.283, 'duration': 5.467}, {'end': 1964.434, 'text': 'So if you have good physical security set up,', 'start': 1961.19, 'duration': 3.244}, {'end': 1971.963, 'text': 'you may make it just too much of a pain in the butt for people to be able to actually gain access and do any damage or steal anything.', 'start': 1964.434, 'duration': 7.529}, {'end': 1981.191, 'text': 'Again, you know an irate employee If a server is sitting out in the open where anybody can see it, he can come along and just kick that thing,', 'start': 1972.423, 'duration': 8.768}, {'end': 1983.933, 'text': "because there's no physical security around that server.", 'start': 1981.191, 'duration': 2.742}, {'end': 1985.154, 'text': 'Whereas, again,', 'start': 1984.053, 'duration': 1.101}, {'end': 1991.959, 'text': 'if you have your server sitting in a server room and I keep saying this because more small businesses should have their servers in server rooms,', 'start': 1985.154, 'duration': 6.805}], 'summary': 'Good physical security can deter theft and damage, such as kicking a server in the open, emphasizing the need for server rooms for small businesses.', 'duration': 36.676, 'max_score': 1955.283, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1955283.jpg'}, {'end': 2042.198, 'src': 'embed', 'start': 2011.278, 'weight': 3, 'content': [{'end': 2023.423, 'text': 'Operational security is is the security around how things happen or where things are stored in the business.', 'start': 2011.278, 'duration': 12.145}, {'end': 2026.005, 'text': 'So operational security.', 'start': 2023.963, 'duration': 2.042}, {'end': 2033.751, 'text': 'imagine if somebody did want to come in and steal your server but there was no room in your building.', 'start': 2026.005, 'duration': 7.746}, {'end': 2035.573, 'text': 'that said, server room on it.', 'start': 2033.751, 'duration': 1.822}, {'end': 2042.198, 'text': "The idea with operational security is that people don't know where the important things are.", 'start': 2036.113, 'duration': 6.085}], 'summary': 'Operational security hides important assets from potential threats.', 'duration': 30.92, 'max_score': 2011.278, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2011278.jpg'}], 'start': 1646.87, 'title': 'It security measures and risk reduction', 'summary': 'Discusses risk as a product of threat and vulnerability, emphasizing the importance of reducing vulnerability to mitigate risk. it also covers technological and physical safeguards including firewalls, antivirus software, and operational security measures to protect it systems.', 'chapters': [{'end': 1785.162, 'start': 1646.87, 'title': 'Understanding risk and vulnerability', 'summary': 'Discusses the concept of risk as a product of threat and vulnerability, emphasizing the importance of reducing vulnerability to mitigate risk, exemplified by moving server systems to the cloud to eliminate vulnerability to floods.', 'duration': 138.292, 'highlights': ['Moving server systems to the cloud or to higher floors of buildings can significantly reduce vulnerability to threats such as floods, ultimately mitigating risk.', 'Risk is a product of threat and vulnerability, where reducing vulnerability is crucial in minimizing risk, as demonstrated by the example of moving server systems to the cloud to eliminate vulnerability to floods.', 'Emphasizing the significance of vulnerability in determining risk, with the example of a business moving its server off into the cloud and consequently having zero vulnerability and minimal risk despite the threat of a flood.', 'Explaining the relationship between risk, threat, and vulnerability, highlighting that risk is zero when there is no threat or vulnerability, and cautioning against attaching specific numerical values to vulnerability and threat at this stage.', 'Clarifying the distinction between threats (external forces attacking systems) and vulnerabilities (the susceptibility of systems to these attacks), and underscoring the impact of reducing vulnerability in minimizing risk.', 'Stressing the importance of considering vulnerability and threat in assessing risk, cautioning against assigning numerical values to vulnerability and threat at this stage, and emphasizing the lack of significance in such numerical assessments.']}, {'end': 2085.054, 'start': 1785.642, 'title': 'It security measures', 'summary': 'Discusses technological safeguards including firewalls, group policies, antivirus software, backup systems, redundancy, and virtualization, as well as the significance of physical and operational security measures in protecting it systems from unauthorized access or theft.', 'duration': 299.412, 'highlights': ['Technological safeguards such as firewalls, group policies, antivirus software, backup systems, redundancy, and virtualization are essential for protecting IT systems. ', 'Physical security measures, including locks on doors, securing server rooms, and ensuring limited access, are vital to prevent unauthorized access and theft of IT equipment. ', 'Operational security, which involves limiting access to important areas and information within the business, plays a crucial role in preventing theft or unauthorized access to IT equipment. ']}], 'duration': 438.184, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g1646870.jpg', 'highlights': ['Moving server systems to the cloud or to higher floors of buildings can significantly reduce vulnerability to threats such as floods, ultimately mitigating risk.', 'Technological safeguards such as firewalls, group policies, antivirus software, backup systems, redundancy, and virtualization are essential for protecting IT systems.', 'Risk is a product of threat and vulnerability, where reducing vulnerability is crucial in minimizing risk, as demonstrated by the example of moving server systems to the cloud to eliminate vulnerability to floods.', 'Physical security measures, including locks on doors, securing server rooms, and ensuring limited access, are vital to prevent unauthorized access and theft of IT equipment.', 'Emphasizing the significance of vulnerability in determining risk, with the example of a business moving its server off into the cloud and consequently having zero vulnerability and minimal risk despite the threat of a flood.']}, {'end': 2432.849, 'segs': [{'end': 2141.066, 'src': 'embed', 'start': 2108.009, 'weight': 1, 'content': [{'end': 2112.03, 'text': 'They would start yanking out all these cards and throwing it in their little tool bag.', 'start': 2108.009, 'duration': 4.021}, {'end': 2115.941, 'text': 'They would close up their tool bag and they would walk out and say, �Thank you, ma�am.', 'start': 2112.57, 'duration': 3.371}, {'end': 2122.853, 'text': '� Well, the reason that they were able to do that is because there was no access control onto that server room.', 'start': 2115.941, 'duration': 6.912}, {'end': 2128.034, 'text': 'Anybody in the world was allowed to just walk in there and do whatever they wanted.', 'start': 2123.113, 'duration': 4.921}, {'end': 2130.076, 'text': "So that's something that you have to think about.", 'start': 2128.494, 'duration': 1.582}, {'end': 2133.219, 'text': "with operational security is who's allowed to know what?", 'start': 2130.076, 'duration': 3.143}, {'end': 2141.066, 'text': 'If somebody just walks in off the street and starts asking you about your server system, are you going to answer their questions??', 'start': 2133.339, 'duration': 7.727}], 'summary': 'Lack of access control allowed unauthorized access to server room, posing security risk.', 'duration': 33.057, 'max_score': 2108.009, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2108009.jpg'}, {'end': 2432.849, 'src': 'embed', 'start': 2392.386, 'weight': 0, 'content': [{'end': 2396.408, 'text': 'If a disaster happens, what are you going to do?', 'start': 2392.386, 'duration': 4.022}, {'end': 2403.951, 'text': 'These are the protections that you can have for the event of risk, for the event of something catastrophic happen.', 'start': 2396.928, 'duration': 7.023}, {'end': 2406.592, 'text': 'Again, everybody thinks about technological safeguards.', 'start': 2404.031, 'duration': 2.561}, {'end': 2407.413, 'text': 'It is.', 'start': 2407.133, 'duration': 0.28}, {'end': 2408.453, 'text': "It's a very important thing.", 'start': 2407.513, 'duration': 0.94}, {'end': 2410.574, 'text': "But it's not the only thing to fixate on.", 'start': 2408.493, 'duration': 2.081}, {'end': 2411.855, 'text': 'Again, physical security.', 'start': 2410.614, 'duration': 1.241}, {'end': 2417.198, 'text': "making sure there's good locks, making sure there's bars on windows if you need it, etc.", 'start': 2412.515, 'duration': 4.683}, {'end': 2420.601, 'text': 'operational security who has access to the server room?', 'start': 2417.198, 'duration': 3.403}, {'end': 2422.282, 'text': 'who is allowed into the building?', 'start': 2420.601, 'duration': 1.681}, {'end': 2425.064, 'text': 'you know a lot of a lot of these big businesses.', 'start': 2422.282, 'duration': 2.782}, {'end': 2429.787, 'text': 'allow anybody in the world just to be able to walk through the the building and scope it out.', 'start': 2425.064, 'duration': 4.723}, {'end': 2431.228, 'text': 'you should have operational security.', 'start': 2429.787, 'duration': 1.441}, {'end': 2432.849, 'text': 'you know you have a receptionist.', 'start': 2431.228, 'duration': 1.621}], 'summary': 'Importance of various protections for disaster preparedness, including physical and operational security measures.', 'duration': 40.463, 'max_score': 2392.386, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2392386.jpg'}], 'start': 2085.074, 'title': 'Importance of security breach response', 'summary': 'Discusses a security breach at a telephone company involving a $30,000 theft due to lack of access control, operational security, and emphasizes the importance of operational security, data protection, disaster planning, and documentation in mitigating risks and ensuring business continuity.', 'chapters': [{'end': 2128.034, 'start': 2085.074, 'title': 'Security breach at telephone company', 'summary': 'Discusses a security breach at a telephone company where cards worth up to $30,000 were stolen due to lack of access control and operational security, allowing unauthorized individuals to walk in and steal the cards.', 'duration': 42.96, 'highlights': ['Unauthorized individuals stole cards worth up to $30,000 due to lack of access control and operational security.', 'The thieves would walk in with little uniforms resembling those of a telephone company, yank out cards from the server room, and walk out without any hindrance.', 'The lack of access control allowed anyone in the world to enter the server room and steal the cards.']}, {'end': 2258.217, 'start': 2128.494, 'title': 'Operational security and documentation importance', 'summary': 'Discusses the importance of operational security in controlling access to sensitive information and highlights the critical role of documentation in reducing downtime and ensuring efficient system recovery and business operations.', 'duration': 129.723, 'highlights': ['Documentation is crucial for efficient system recovery and business operations, as it enables technicians to access critical information and configurations, reducing downtime and facilitating faster problem resolution.', 'Operational security involves controlling access to sensitive information, such as server room locations, documentation, and points of contact, to protect against unauthorized inquiries or breaches.', 'Lack of documentation poses a significant risk to companies, as it hinders the quick restoration of systems and business operations during downtime, emphasizing the importance of maintaining comprehensive records and information about configurations and setups.', 'The refusal to disclose sensitive information to unauthorized individuals demonstrates the commitment to operational security, safeguarding against potential breaches and unauthorized access to critical network infrastructure.']}, {'end': 2432.849, 'start': 2258.217, 'title': 'Data protection & disaster plan', 'summary': 'Emphasizes the importance of data protection and disaster planning in the event of a server crash or catastrophic event, highlighting the need for accessible software documentation, a well-defined disaster plan, and operational security measures to mitigate risk and ensure business continuity.', 'duration': 174.632, 'highlights': ['The need for accessible software documentation and server disks to restore servers in the event of a crash is highlighted, with examples of time-saving measures and potential downtime reduction. The speaker emphasizes the importance of keeping software and server disks accessible to quickly restore the system, citing examples of time saved with proper documentation and specific disks, thereby reducing potential downtime.', 'The significance of a well-defined disaster plan and the importance of identifying key personnel and steps to be taken in the event of server failure are underscored, emphasizing the role of a comprehensive plan in expediting recovery. The importance of a well-defined disaster plan is emphasized, stressing the need to identify key personnel and steps to be taken in the event of server failure to expedite recovery and minimize impact on business operations.', 'The speaker stresses the role of operational security measures, including physical security and controlled access to server rooms, as crucial components in safeguarding technological assets and business continuity. Emphasizing the significance of operational security, the speaker highlights the need for physical security and controlled access to server rooms to safeguard technological assets and ensure business continuity.']}], 'duration': 347.775, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2085074.jpg', 'highlights': ['Unauthorized individuals stole cards worth up to $30,000 due to lack of access control and operational security.', 'Documentation is crucial for efficient system recovery and business operations, enabling technicians to access critical information and configurations, reducing downtime.', 'Operational security involves controlling access to sensitive information, such as server room locations, documentation, and points of contact, to protect against unauthorized inquiries or breaches.', 'The need for accessible software documentation and server disks to restore servers in the event of a crash is highlighted, emphasizing the importance of keeping software and server disks accessible to quickly restore the system.', 'The significance of a well-defined disaster plan and the importance of identifying key personnel and steps to be taken in the event of server failure are underscored, emphasizing the role of a comprehensive plan in expediting recovery.', 'The lack of access control allowed anyone in the world to enter the server room and steal the cards.', 'Lack of documentation poses a significant risk to companies, hindering the quick restoration of systems and business operations during downtime.', 'The refusal to disclose sensitive information to unauthorized individuals demonstrates the commitment to operational security, safeguarding against potential breaches and unauthorized access to critical network infrastructure.', 'The speaker stresses the role of operational security measures, including physical security and controlled access to server rooms, as crucial components in safeguarding technological assets and business continuity.']}, {'end': 2778.197, 'segs': [{'end': 2544.148, 'src': 'heatmap', 'start': 2440.634, 'weight': 0.709, 'content': [{'end': 2442.295, 'text': 'Huge, if a system goes down.', 'start': 2440.634, 'duration': 1.661}, {'end': 2446.698, 'text': 'Again, downtime is lost money, getting systems back up and running.', 'start': 2442.736, 'duration': 3.962}, {'end': 2449.1, 'text': 'Then, overall, what is the disaster plan?', 'start': 2446.738, 'duration': 2.362}, {'end': 2452.582, 'text': 'When disaster strikes, what are you going to do about it?', 'start': 2449.22, 'duration': 3.362}, {'end': 2460.687, 'text': 'Now we should talk about something called mitigation.', 'start': 2458.485, 'duration': 2.202}, {'end': 2472.041, 'text': 'The way I think about mitigation is basically mitigation is trying to make bad not so bad the next time.', 'start': 2463.735, 'duration': 8.306}, {'end': 2481.247, 'text': 'So mitigation is the process of when a disaster happens or when something catastrophic to your system happens.', 'start': 2472.561, 'duration': 8.686}, {'end': 2492.514, 'text': 'you fix what happened, you look to see why what happened happened and then you try to prevent it from happening in the future.', 'start': 2481.247, 'duration': 11.267}, {'end': 2501.137, 'text': "or, if you can't prevent the disaster from happening in the future, you try to make the consequences less bad, as I would say.", 'start': 2492.514, 'duration': 8.623}, {'end': 2507.646, 'text': 'So basically, you have the event, you have something bad happens, Then you, of course, go to response.', 'start': 2501.197, 'duration': 6.449}, {'end': 2510.309, 'text': 'So then you respond to the problem.', 'start': 2507.966, 'duration': 2.343}, {'end': 2512.632, 'text': 'So a server crashes, et cetera.', 'start': 2510.329, 'duration': 2.303}, {'end': 2514.914, 'text': 'So you have the event, then you do the response.', 'start': 2513.172, 'duration': 1.742}, {'end': 2516.777, 'text': 'This is where you do your disaster plan.', 'start': 2514.934, 'duration': 1.843}, {'end': 2520.041, 'text': 'This is where you pull out all your documentation, et cetera.', 'start': 2516.797, 'duration': 3.244}, {'end': 2522.544, 'text': 'After that, you analyze.', 'start': 2520.842, 'duration': 1.702}, {'end': 2529.583, 'text': 'what happened so why did this event occur so uh.', 'start': 2524.582, 'duration': 5.001}, {'end': 2530.504, 'text': "so let's talk about.", 'start': 2529.583, 'duration': 0.921}, {'end': 2531.864, 'text': "let's say, you know i was talking about.", 'start': 2530.504, 'duration': 1.36}, {'end': 2534.185, 'text': 'you know when people buy crappy equipment.', 'start': 2531.864, 'duration': 2.321}, {'end': 2537.766, 'text': 'so you have a server that runs your entire business.', 'start': 2534.185, 'duration': 3.581}, {'end': 2541.367, 'text': 'but you know the boss bought it off of ebay for two hundred dollars.', 'start': 2537.766, 'duration': 3.601}, {'end': 2544.148, 'text': 'so the event is that your server crashed.', 'start': 2541.367, 'duration': 2.781}], 'summary': 'Mitigation aims to minimize impact of disasters, downtime equals lost money.', 'duration': 103.514, 'max_score': 2440.634, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2440634.jpg'}, {'end': 2541.367, 'src': 'embed', 'start': 2492.514, 'weight': 0, 'content': [{'end': 2501.137, 'text': "or, if you can't prevent the disaster from happening in the future, you try to make the consequences less bad, as I would say.", 'start': 2492.514, 'duration': 8.623}, {'end': 2507.646, 'text': 'So basically, you have the event, you have something bad happens, Then you, of course, go to response.', 'start': 2501.197, 'duration': 6.449}, {'end': 2510.309, 'text': 'So then you respond to the problem.', 'start': 2507.966, 'duration': 2.343}, {'end': 2512.632, 'text': 'So a server crashes, et cetera.', 'start': 2510.329, 'duration': 2.303}, {'end': 2514.914, 'text': 'So you have the event, then you do the response.', 'start': 2513.172, 'duration': 1.742}, {'end': 2516.777, 'text': 'This is where you do your disaster plan.', 'start': 2514.934, 'duration': 1.843}, {'end': 2520.041, 'text': 'This is where you pull out all your documentation, et cetera.', 'start': 2516.797, 'duration': 3.244}, {'end': 2522.544, 'text': 'After that, you analyze.', 'start': 2520.842, 'duration': 1.702}, {'end': 2529.583, 'text': 'what happened so why did this event occur so uh.', 'start': 2524.582, 'duration': 5.001}, {'end': 2530.504, 'text': "so let's talk about.", 'start': 2529.583, 'duration': 0.921}, {'end': 2531.864, 'text': "let's say, you know i was talking about.", 'start': 2530.504, 'duration': 1.36}, {'end': 2534.185, 'text': 'you know when people buy crappy equipment.', 'start': 2531.864, 'duration': 2.321}, {'end': 2537.766, 'text': 'so you have a server that runs your entire business.', 'start': 2534.185, 'duration': 3.581}, {'end': 2541.367, 'text': 'but you know the boss bought it off of ebay for two hundred dollars.', 'start': 2537.766, 'duration': 3.601}], 'summary': 'In disaster management, respond, analyze, and mitigate effects. for example, analyze a server crash to prevent future occurrences.', 'duration': 48.853, 'max_score': 2492.514, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2492514.jpg'}, {'end': 2610.643, 'src': 'embed', 'start': 2583.566, 'weight': 1, 'content': [{'end': 2589.37, 'text': "you then purchase and implement the higher level equipment so that hopefully the event doesn't happen again.", 'start': 2583.566, 'duration': 5.804}, {'end': 2596.454, 'text': 'If the event does happen again, then you go through the response, then you do the analysis, and then you do mitigation.', 'start': 2589.731, 'duration': 6.723}, {'end': 2604.979, 'text': "So the idea with mitigation is you're trying to keep the events from happening again, or at least trying to make them so that they're not so bad.", 'start': 2596.494, 'duration': 8.485}, {'end': 2610.643, 'text': "So let's say that your computer, your server gets infected with viruses.", 'start': 2605.459, 'duration': 5.184}], 'summary': 'Implement higher level equipment to prevent and mitigate future events like virus infections.', 'duration': 27.077, 'max_score': 2583.566, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2583566.jpg'}, {'end': 2757.098, 'src': 'embed', 'start': 2731.246, 'weight': 3, 'content': [{'end': 2736.768, 'text': "we've come up with something, so maybe the server is dead, but everything got backed up into the cloud.", 'start': 2731.246, 'duration': 5.522}, {'end': 2738.689, 'text': 'well, hey, we still have our data.', 'start': 2736.768, 'duration': 1.921}, {'end': 2742.491, 'text': 'so so what can we do to try to mitigate this happening in the future again?', 'start': 2738.689, 'duration': 3.802}, {'end': 2747.633, 'text': "if it's flood, maybe you you put the, put the, the servers up in the cloud or something.", 'start': 2742.491, 'duration': 5.142}, {'end': 2750.755, 'text': 'but this is the the basic idea mitigation.', 'start': 2747.633, 'duration': 3.122}, {'end': 2754.756, 'text': 'mitigation is trying to prevent the event from happening again or making it less bad.', 'start': 2750.755, 'duration': 4.001}, {'end': 2757.098, 'text': 'you can never prevent All events.', 'start': 2754.756, 'duration': 2.342}], 'summary': 'Data backed up in the cloud for server failure mitigation.', 'duration': 25.852, 'max_score': 2731.246, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2731246.jpg'}], 'start': 2432.849, 'title': 'Disaster recovery and mitigation', 'summary': 'Emphasizes the importance of disaster recovery, downtime implications, and the concept of mitigation in preventing future disasters in the it system, emphasizing the need for a solid disaster plan. it also discusses the disaster mitigation process, including response, analysis, and mitigation to prevent or minimize the impact of future events, such as server crashes and virus infections, by implementing higher quality equipment and antivirus software.', 'chapters': [{'end': 2492.514, 'start': 2432.849, 'title': 'Disaster recovery and mitigation', 'summary': 'Discusses the importance of disaster recovery, downtime implications, and the concept of mitigation in preventing future disasters in the it system, emphasizing the need for a solid disaster plan.', 'duration': 59.665, 'highlights': ['Mitigation is the process of fixing and preventing future catastrophic events in the IT system, reducing the impact of potential disasters.', 'Downtime results in lost money, emphasizing the financial impact of system failures.', 'Emphasizes the need for a solid disaster plan when disaster strikes, highlighting the importance of preparedness in IT management.', 'Documentation and proper storage of software are crucial for system security and maintenance, ensuring that access is controlled and authorized.']}, {'end': 2778.197, 'start': 2492.514, 'title': 'Disaster mitigation process', 'summary': 'Discusses the disaster mitigation process, emphasizing the cycle of response, analysis, and mitigation to prevent or minimize the impact of future events, such as server crashes and virus infections, by implementing higher quality equipment and antivirus software.', 'duration': 285.683, 'highlights': ['Implementing higher quality equipment and antivirus software as part of the mitigation process By analyzing the causes of server crashes and virus infections, the transcript highlights the importance of implementing higher quality equipment and antivirus software as part of the mitigation process to prevent or minimize future occurrences.', "The cycle of response, analysis, and mitigation to prevent or minimize the impact of future events The transcript emphasizes the cyclical nature of disaster response, analysis, and mitigation to prevent or minimize the impact of future events, such as server crashes and virus infections, thereby ensuring continuous improvement in the system's resilience.", 'The importance of disaster mitigation in preventing or minimizing the impact of future events The chapter underscores the significance of disaster mitigation in preventing or minimizing the impact of future events, highlighting its role in safeguarding businesses from potential devastation and loss of critical data and systems.']}], 'duration': 345.348, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2432849.jpg', 'highlights': ['Mitigation is the process of fixing and preventing future catastrophic events in the IT system, reducing the impact of potential disasters.', 'Downtime results in lost money, emphasizing the financial impact of system failures.', 'Emphasizes the need for a solid disaster plan when disaster strikes, highlighting the importance of preparedness in IT management.', 'Documentation and proper storage of software are crucial for system security and maintenance, ensuring that access is controlled and authorized.', 'Implementing higher quality equipment and antivirus software as part of the mitigation process By analyzing the causes of server crashes and virus infections, the transcript highlights the importance of implementing higher quality equipment and antivirus software as part of the mitigation process to prevent or minimize future occurrences.', "The cycle of response, analysis, and mitigation to prevent or minimize the impact of future events The transcript emphasizes the cyclical nature of disaster response, analysis, and mitigation to prevent or minimize the impact of future events, such as server crashes and virus infections, thereby ensuring continuous improvement in the system's resilience.", 'The importance of disaster mitigation in preventing or minimizing the impact of future events The chapter underscores the significance of disaster mitigation in preventing or minimizing the impact of future events, highlighting its role in safeguarding businesses from potential devastation and loss of critical data and systems.']}, {'end': 3432.26, 'segs': [{'end': 2824.79, 'src': 'embed', 'start': 2778.237, 'weight': 1, 'content': [{'end': 2779.078, 'text': "We've talked about threat.", 'start': 2778.237, 'duration': 0.841}, {'end': 2780.279, 'text': "We've talked about vulnerability.", 'start': 2779.118, 'duration': 1.161}, {'end': 2782.201, 'text': "We've talked about the ideas of protection.", 'start': 2780.299, 'duration': 1.902}, {'end': 2783.983, 'text': "We're going to talk about more in other classes.", 'start': 2782.241, 'duration': 1.742}, {'end': 2785.564, 'text': "And we've talked about mitigation.", 'start': 2784.083, 'duration': 1.481}, {'end': 2788.287, 'text': "So now we're going to talk about the most important thing for you.", 'start': 2785.905, 'duration': 2.382}, {'end': 2791.49, 'text': 'And that is, of course, money.', 'start': 2788.788, 'duration': 2.702}, {'end': 2792.531, 'text': 'It is greenbacks.', 'start': 2791.711, 'duration': 0.82}, {'end': 2796.856, 'text': 'Because remember, we are infrastructure people.', 'start': 2792.631, 'duration': 4.225}, {'end': 2798.197, 'text': 'We are support people.', 'start': 2797.016, 'duration': 1.181}, {'end': 2800.159, 'text': 'We support data.', 'start': 2798.597, 'duration': 1.562}, {'end': 2803.601, 'text': "Businesses Businesses don't exist for us.", 'start': 2800.399, 'duration': 3.202}, {'end': 2805.541, 'text': 'We exist for businesses.', 'start': 2804.061, 'duration': 1.48}, {'end': 2815.846, 'text': 'So when we go in to ask, demand et cetera better protection systems, server rooms, firewall, antivirus, et cetera,', 'start': 2805.902, 'duration': 9.944}, {'end': 2821.188, 'text': 'we have to have a business justification for doing it.', 'start': 2815.846, 'duration': 5.342}, {'end': 2822.869, 'text': 'You need to understand.', 'start': 2821.669, 'duration': 1.2}, {'end': 2824.79, 'text': 'you really need to have in your head.', 'start': 2822.869, 'duration': 1.921}], 'summary': 'Emphasizing the importance of business justification for implementing protection systems in infrastructure support.', 'duration': 46.553, 'max_score': 2778.237, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2778237.jpg'}, {'end': 3248.299, 'src': 'embed', 'start': 3182.418, 'weight': 0, 'content': [{'end': 3186.92, 'text': "But there's more to protecting your systems than simply firewalls and antivirus.", 'start': 3182.418, 'duration': 4.502}, {'end': 3189.021, 'text': "There's physical and operational security.", 'start': 3187.26, 'duration': 1.761}, {'end': 3191.983, 'text': 'Again, do you have deadbolts on the door??', 'start': 3189.101, 'duration': 2.882}, {'end': 3196.805, 'text': 'Do you have a security guard walking around the premises to make sure nobody steals anything?', 'start': 3192.883, 'duration': 3.922}, {'end': 3198.386, 'text': 'Operational security.', 'start': 3197.305, 'duration': 1.081}, {'end': 3207.733, 'text': "Who is allowed into the server room? Do you have a big sign plastered on your server room saying server room? I would suggest you don't.", 'start': 3198.726, 'duration': 9.007}, {'end': 3212.616, 'text': 'Put a little out of order bathroom sign on it or something.', 'start': 3208.874, 'duration': 3.742}, {'end': 3216.84, 'text': 'If somebody came in to steal your server, would they be able to figure out where it is??', 'start': 3212.897, 'duration': 3.943}, {'end': 3225.066, 'text': 'In the old days, with the Pentagon or with old government security agencies, they used to have long hallways.', 'start': 3217.56, 'duration': 7.506}, {'end': 3228.567, 'text': 'with doors with no numbers on the doors.', 'start': 3225.926, 'duration': 2.641}, {'end': 3235.531, 'text': 'The reason is, is because if you were supposed to be there, you would know the door to enter.', 'start': 3229.088, 'duration': 6.443}, {'end': 3239.273, 'text': 'You would know what room was room 105.', 'start': 3235.651, 'duration': 3.622}, {'end': 3242.694, 'text': 'If you were not supposed to be there, you would have no idea what room is 105.', 'start': 3239.273, 'duration': 3.421}, {'end': 3245.496, 'text': "So that's the concept between operational security.", 'start': 3242.694, 'duration': 2.802}, {'end': 3247.218, 'text': 'Again, we talked about documentation.', 'start': 3245.937, 'duration': 1.281}, {'end': 3248.299, 'text': 'Documentation is huge.', 'start': 3247.258, 'duration': 1.041}], 'summary': 'Importance of operational security, including physical access control and documentation for system protection.', 'duration': 65.881, 'max_score': 3182.418, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g3182418.jpg'}, {'end': 3294.921, 'src': 'embed', 'start': 3267.778, 'weight': 6, 'content': [{'end': 3274.166, 'text': "And then finally, if the worst case scenario does happen, what is the disaster plan? We'll talk about this more in other classes.", 'start': 3267.778, 'duration': 6.388}, {'end': 3284.357, 'text': 'But if a flood does come through, do you have the backups somewhere? Can you get a system up and running, etc.? We talked about mitigation.', 'start': 3274.567, 'duration': 9.79}, {'end': 3294.921, 'text': 'So mitigation is trying to prevent future occurrences of the event, or if there is a future occurrence, making the repercussions less bad.', 'start': 3284.758, 'duration': 10.163}], 'summary': 'Mitigation plans for disaster scenarios to prevent or minimize repercussions.', 'duration': 27.143, 'max_score': 3267.778, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g3267778.jpg'}, {'end': 3429.738, 'src': 'heatmap', 'start': 3403.104, 'weight': 0.831, 'content': [{'end': 3408.667, 'text': "If you just go in and you say, our systems are vulnerable, I need $20, 000, they're not going to give it to you.", 'start': 3403.104, 'duration': 5.563}, {'end': 3415.009, 'text': 'So this class, again, was introduction to risk assessment.', 'start': 3411.587, 'duration': 3.422}, {'end': 3416.17, 'text': 'This is a lot of theory.', 'start': 3415.209, 'duration': 0.961}, {'end': 3417.951, 'text': "The next class we're going to do.", 'start': 3416.69, 'duration': 1.261}, {'end': 3424.255, 'text': "we're going to get into more practical risk assessment, so you understand how to go in, how to look at things,", 'start': 3417.951, 'duration': 6.304}, {'end': 3425.796, 'text': 'to try to do a risk assessment of your own.', 'start': 3424.255, 'duration': 1.541}, {'end': 3429.738, 'text': "As you know, I'm Eli the Computer Guy over here for Everyman IT.", 'start': 3426.716, 'duration': 3.022}], 'summary': 'Intro to risk assessment. next class: practical risk assessment. eli the computer guy.', 'duration': 26.634, 'max_score': 3403.104, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g3403104.jpg'}], 'start': 2778.237, 'title': 'Business justification and risk assessment', 'summary': 'Emphasizes understanding business justification for security measures, focusing on cost, return on investment, and potential monetary loss, and obtaining buy-in from business owners with quantifiable data to mitigate risks and vulnerabilities in systems.', 'chapters': [{'end': 2977.456, 'start': 2778.237, 'title': 'Business justification for security measures', 'summary': 'Emphasizes the importance of understanding the business justification for implementing security measures, with a focus on cost, return on investment, and potential monetary loss, to ensure successful proposals for protection systems and infrastructure.', 'duration': 199.219, 'highlights': ['Understanding the business justification for security measures is crucial, with a focus on cost, return on investment, and potential monetary loss to ensure successful proposals for protection systems and infrastructure.', 'Businesses prioritize return on investment, as a higher return than the cost justifies the implementation of security measures, while a lower return may lead to denial of proposals.', 'The significance of monetary loss is highlighted, with examples illustrating the impact of server downtime on businesses, emphasizing the need for protective measures to mitigate potential financial losses.', 'Effective communication and trust-building with business stakeholders are emphasized as essential for successful implementation of security solutions, ensuring that proposals are given due consideration based on their business impact.']}, {'end': 3432.26, 'start': 2977.456, 'title': 'Introduction to risk assessment', 'summary': 'Emphasizes the importance of obtaining buy-in from business owners by presenting quantifiable data, such as return on investment, to mitigate risks and vulnerabilities in systems.', 'duration': 454.804, 'highlights': ['The importance of obtaining buy-in from business owners by presenting quantifiable data, such as return on investment, to mitigate risks and vulnerabilities in systems. Emphasizes the need for buy-in from business owners through presenting quantifiable data, such as return on investment, to mitigate risks and vulnerabilities in systems.', 'Risk assessment is a business concept that revolves around financial implications, requiring the presentation of numbers and figures to justify investments in security solutions. Highlights risk assessment as a business concept focused on financial implications, necessitating the presentation of numbers and figures to justify investments in security solutions.', 'The concept of risk assessment based on threat and vulnerability, where the absence of threat or vulnerability diminishes the overall risk to the system. Explains the concept of risk assessment based on threat and vulnerability, highlighting that the absence of either diminishes the overall risk to the system.', 'The multifaceted approach to system protection, including technological safeguards, physical and operational security, documentation, disaster planning, and mitigation strategies. Discusses the multifaceted approach to system protection encompassing technological safeguards, physical and operational security, documentation, disaster planning, and mitigation strategies.', 'The necessity of obtaining buy-in from business owners through presenting quantifiable data, such as return on investment, to justify security investments. Underlines the necessity of obtaining buy-in from business owners through presenting quantifiable data, such as return on investment, to justify security investments.']}], 'duration': 654.023, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/EWdfovZIg2g/pics/EWdfovZIg2g2778237.jpg', 'highlights': ['Understanding business justification for security measures is crucial, focusing on cost, return on investment, and potential monetary loss.', 'Businesses prioritize return on investment, as a higher return than the cost justifies the implementation of security measures.', 'Effective communication and trust-building with business stakeholders are essential for successful implementation of security solutions.', 'Obtaining buy-in from business owners by presenting quantifiable data, such as return on investment, to mitigate risks and vulnerabilities in systems is crucial.', 'Risk assessment is a business concept focused on financial implications, necessitating the presentation of numbers and figures to justify investments in security solutions.', 'The concept of risk assessment is based on threat and vulnerability, where the absence of either diminishes the overall risk to the system.', 'The multifaceted approach to system protection encompasses technological safeguards, physical and operational security, documentation, disaster planning, and mitigation strategies.']}], 'highlights': ['Various business risks are discussed, including financial losses from fraud, legal issues, and data theft.', 'The importance of considering natural disasters as a significant threat to business systems is highlighted.', "Emphasis on assessing risk levels using the equation 'risk = threat times vulnerability'.", 'Understanding both technology and business is crucial for effective risk assessment.', 'The threat of system failure is heightened by using low-quality components such as secondhand Linksys gear.', 'The possibilities for natural disasters are unpredictable, with the next flood potentially occurring in 100 years or tomorrow.', 'Accidental human interference poses a significant threat, including the risk of data deletion and network settings reconfiguration.', 'Malicious human threats encompass impersonation, interception, and interference, with a focus on damaging the business, stealing data, and identity theft.', 'Natural disasters also pose a significant threat to information systems, and it is important to consider and address these risks.', 'Protection measures against natural disasters, such as placing servers on higher floors to reduce vulnerability to floods, are discussed, highlighting the importance of physical safeguards.', 'Setting up correct permissions and group policies can significantly reduce the vulnerability to accidental data deletion, as individuals without the rights to delete files or folders will be unable to do so.', 'Implementing physical security measures such as a dedicated server room with a steel door and proper locks can greatly lower the vulnerability to theft of server equipment.', 'Having first-class firewalls, antivirus systems, and malware protection in place can substantially reduce the vulnerability to interception and hacking, while the absence of such security measures poses a high risk of interception and hacking.', 'Moving server systems to the cloud or to higher floors of buildings can significantly reduce vulnerability to threats such as floods, ultimately mitigating risk.', 'Technological safeguards such as firewalls, group policies, antivirus software, backup systems, redundancy, and virtualization are essential for protecting IT systems.', 'Risk is a product of threat and vulnerability, where reducing vulnerability is crucial in minimizing risk, as demonstrated by the example of moving server systems to the cloud to eliminate vulnerability to floods.', 'Physical security measures, including locks on doors, securing server rooms, and ensuring limited access, are vital to prevent unauthorized access and theft of IT equipment.', 'Emphasizing the significance of vulnerability in determining risk, with the example of a business moving its server off into the cloud and consequently having zero vulnerability and minimal risk despite the threat of a flood.', 'Documentation is crucial for efficient system recovery and business operations, enabling technicians to access critical information and configurations, reducing downtime.', 'Operational security involves controlling access to sensitive information, such as server room locations, documentation, and points of contact, to protect against unauthorized inquiries or breaches.', 'The need for accessible software documentation and server disks to restore servers in the event of a crash is highlighted, emphasizing the importance of keeping software and server disks accessible to quickly restore the system.', 'The significance of a well-defined disaster plan and the importance of identifying key personnel and steps to be taken in the event of server failure are underscored, emphasizing the role of a comprehensive plan in expediting recovery.', 'Mitigation is the process of fixing and preventing future catastrophic events in the IT system, reducing the impact of potential disasters.', 'Downtime results in lost money, emphasizing the financial impact of system failures.', 'Emphasizes the need for a solid disaster plan when disaster strikes, highlighting the importance of preparedness in IT management.', 'Documentation and proper storage of software are crucial for system security and maintenance, ensuring that access is controlled and authorized.', 'Implementing higher quality equipment and antivirus software as part of the mitigation process By analyzing the causes of server crashes and virus infections, the transcript highlights the importance of implementing higher quality equipment and antivirus software as part of the mitigation process to prevent or minimize future occurrences.', "The cycle of response, analysis, and mitigation to prevent or minimize the impact of future events The transcript emphasizes the cyclical nature of disaster response, analysis, and mitigation to prevent or minimize the impact of future events, such as server crashes and virus infections, thereby ensuring continuous improvement in the system's resilience.", 'The importance of disaster mitigation in preventing or minimizing the impact of future events The chapter underscores the significance of disaster mitigation in preventing or minimizing the impact of future events, highlighting its role in safeguarding businesses from potential devastation and loss of critical data and systems.', 'Understanding business justification for security measures is crucial, focusing on cost, return on investment, and potential monetary loss.', 'Businesses prioritize return on investment, as a higher return than the cost justifies the implementation of security measures.', 'Effective communication and trust-building with business stakeholders are essential for successful implementation of security solutions.', 'Obtaining buy-in from business owners by presenting quantifiable data, such as return on investment, to mitigate risks and vulnerabilities in systems is crucial.', 'Risk assessment is a business concept focused on financial implications, necessitating the presentation of numbers and figures to justify investments in security solutions.', 'The concept of risk assessment is based on threat and vulnerability, where the absence of either diminishes the overall risk to the system.', 'The multifaceted approach to system protection encompasses technological safeguards, physical and operational security, documentation, disaster planning, and mitigation strategies.']}