Oct 30, 2019
OWASP WIA - https://www.youtube.com/watch?v=umnt0qbOPsE
OWASP Women in AppSec
Twitter: 2013_Nayak (reach out and ask to be added)
Risk in Infosec
Risk - a situation that involves extreme danger and an extensive amount of unrecoverable loss
What about risks that are positive in nature? PMP calls them ‘opportunities’
Risk Analysis - systematic examination of the components and characteristics of risk
Analysis Steps -
Understanding and Assessment
Understand there is a risk
What if a company does not have security standards?
Identify and categorize risk -
Scope of risk analysis?
Threat modeling to find risks?
SWOT (strength/weakness/opportunities/threats) analysis will discover risks?
Risk analysis methodologies?
Chance that risk will occur (once a decade, once a week)
Design controls to remediate
Risk assessment is a combined approach
Combined approach for a risk analysis
You mentioned a lot of people, what’s the scope?
How do you do the risk assessment? Framework?
Like an agile approach
Provides an informed conclusion
Report must be clear (no jargon)
Examples to Reduce Risk
Training and education
What kind of testing? Annual security training?
Agreement with organization
BAA (Business Associate Agreement) with 3rd parties
Timely testing -