Risk avoidance and acceptance has been interchanged: Risk avoidance is a way for businesses to reduce their level of risk by not engaging in certain high-risk activities. While it's impossible to eliminate all risks, a risk avoidance strategy can help prevent some losses from happening. Accepting risk, or risk acceptance, occurs when a business or individual acknowledges that the potential loss from a risk is not great enough to warrant spending money to avoid it. Also known as "risk retention," it is an aspect of risk management commonly found in the business or investment fields.
You really have a gift for translating complex/thorny topics into everyday, easy-to-understand and how-to-apply practically terms! Thanks so much for sharing your wisdom with us, Sir
Thanks Prabh, your content is helpful. I have watched your videos for the past few weeks, I would very humbly point out some English corrections for you to consider; 0:22 - "...some few questions". Here, you can say either some questions or you may say few questions, using both at the same time is not needed. 0:27 - "This video, I am making in a two parts". Here "a" can not be used, so you would say, I am making in two parts 0:46 - "you can refer my LinkedIn profile". Here you must add "to", so you should say, "you can refer refer to my LinkedIn profile.", furthermore, it would be even better if you replace "can" with "may". , so you would say, "You may refer to my LinkedIn profile" 0:50 - so without wasting "a" time. Here you should replace a with any because with time we use "any" and not "a", you should say, without wasting "any" time. The above is sample for the first minute of your video, hope this helps. thanks once again for your content.
It was very well curated. Thanks Prabh. In response to question 4 we may add knowing the interested parties, scope of organization, creating risk assessment and treatment plans. Then conducting risk assessment.
Excellent work sir! The way you breakdown the answers is amazing. Clear and precise. New to GRC and I’ve been trying to find different channels to learn and so far you’re on top of my list. Thanks again.
Hi Prabh, As usual great stuff and KT, It would be wonderful if you could also add examples based scenario, task, action and results. That will be great value to these sessions.
Hi Prabh, is the SSO password or login credentials of an individual categorised under privacy or secrecy? My understanding is that it can give unauthorised access to hackers to company's records and should be tagged as secrecy. Would request your views pls.
I was passed 12th 2018 and now I am BCA first year student so what can I do best for myself to easily I can Crack my GRC interview. And in my education carrier 3 year gap so it will effect to get a job.
Hello Sir, it was really a great video....👌👌👌👌 My only doubt is regarding Risk Acceptance.. it is something like accepting the risk of being the device vulnerable as they can't fix that due to xyz reason due to their application compatibility? Is that not right
Hi prabh Sir , Small correction I think it should be second party is performed on supplier and not by supplier time frame 12: 21 to 23 . Please suggest I am right or wrong?
Why do we say risk cant be eliminated. If there is a risk of me falling down from the terrace of my building. I will eliminate the risk by locking the terrace with 50 locks and then throwing the keys in ocean. Will I ever fall from that building.??
Apart from the building which you mitigated by locks etc etc..but that does not stop someone from getting injured from other threats e.g road accident, falling from stairs, getting hit by heavy objects from thieves etc .. that's why there is no term called 100 % risk free and secure
@@ntcuong01ct1 I believe he's talking about Level 2 of the 3 lines of defense (1st line Operational Management (usually risk owners), 2nd line Risk Management professionals or level 2 as he said, and the 3rd line Internal Auditors or the enterprise's audit function. Hope this helped
Risk avoidance and acceptance has been interchanged:
Risk avoidance is a way for businesses to reduce their level of risk by not engaging in certain high-risk activities. While it's impossible to eliminate all risks, a risk avoidance strategy can help prevent some losses from happening.
Accepting risk, or risk acceptance, occurs when a business or individual acknowledges that the potential loss from a risk is not great enough to warrant spending money to avoid it. Also known as "risk retention," it is an aspect of risk management commonly found in the business or investment fields.
You really have a gift for translating complex/thorny topics into everyday, easy-to-understand and how-to-apply practically terms! Thanks so much for sharing your wisdom with us, Sir
Love love Love the explanation at the end on Risk appetite, tolerance and cpacity.
Thanks Prabh, your content is helpful. I have watched your videos for the past few weeks, I would very humbly point out some English corrections for you to consider;
0:22 - "...some few questions". Here, you can say either some questions or you may say few questions, using both at the same time is not needed.
0:27 - "This video, I am making in a two parts". Here "a" can not be used, so you would say, I am making in two parts
0:46 - "you can refer my LinkedIn profile". Here you must add "to", so you should say, "you can refer refer to my LinkedIn profile.", furthermore, it would be even better if you replace "can" with "may". , so you would say, "You may refer to my LinkedIn profile"
0:50 - so without wasting "a" time. Here you should replace a with any because with time we use "any" and not "a", you should say, without wasting "any" time.
The above is sample for the first minute of your video, hope this helps.
thanks once again for your content.
This is a genius explanation, subscribed and hungry for more knowledge 🙏🏾
This is one of the finest videos I have seen for the reference of GRC interview. Really good job @Prabh🙏
Sir: your video is one of the best in that topic. Thank you!
Ultimate videos Prabh!! Anything for interviews of (ISO 27001:2013,SOC2,GDPR). Thanks.
For now, this video is the best I have seen on GRC.
Very helpful. Your simplicity in demystify complex questions is commendable 😊
Thank you, Guru Ji. More video's on consultant job interview questions would be beneficial.
Great video! Keep doing more GRC series videos . We have less resources in the field of GRC and your channel is really helpful ! Thank you sir
It was very well curated. Thanks Prabh. In response to question 4 we may add knowing the interested parties, scope of organization, creating risk assessment and treatment plans. Then conducting risk assessment.
Yes ankush it's just an high level i covered that is why I have not added that point
Excellent work sir! The way you breakdown the answers is amazing. Clear and precise. New to GRC and I’ve been trying to find different channels to learn and so far you’re on top of my list. Thanks again.
Wow so informative! You really explained the information with easy examples. I took some great notes and now I understand it a lot better. Thank you!
very thankful for the content and explanation. could you please elaborate on risk evaluation. what steps does it include? Thank you!
Really and simplly explanation of the subject Gentleman.
Very great content information. Please keep them coming
Very good content, thank you
Very Informative Prabh Nair, Thanks for posting!
Indeed, excellent and very well elaborated in simple words. Keep it up
So simple to follow and will look for more of your videos to watch
Great video, thank you for sharing
Thank you, and just simply awesome presentation.
Thanks for the great explanation of GRC concepts
Wow you break it down splendidly. Grateful
Great video..
Immensely grateful for the video Prabh, thanks
Great job, more interview questions pls. 👍🏾
Superb bro...expecting more.Thanks
Very helpful! Thank you
This is a comprehensive overview. Very good. Thank you. I enjoy your content.
Excellent explanation.
Thanks!
Hey, love your channel! Clear and beautiful explanation:)❤
Excellent video.
Amazing Video
Specially Risk management part
Good explanation with perfect examples.tnqs for your lectures
Please make one video how to conduct risk assessment 🙏🙏🙏
Thanks Prabh, video was simple & informative.
Excellent! Thank you! Prabh
Awesome content. Thanks Prabh
Hi prabh thanks for making this video
Good stuff, thanks for the video. Subscribed.
Great video
Fantastic breakdown
Most awaited video, waiting for more questions.
Question: As a high level , we do risk assessment first or Threat Modelling, if need to place security from scratch?
Dear prabh sir, can you please make a coffee shot on difference between due diligence and due care .I am unable to grasp the core concept.
Great content. Thank you
Quite Useful Video Prab
Excelllent one Prabh ...
SOP- Is that Standard Operational procedure or Statement of Procedure?
SOP is Standard Operating Procedure
Great teaching. Do you organize training? I would love to join
Good Explanation Prabh.....
very helpful video..
Best video
How to break into the GRC field of Cybersecurity from other fields like network security etc ?
Ultimate
Amazing
This is really good, thank you.
Hi Prabh, Cab you explain key differences between GLBA and SOX?
Hi Prabh Sir , You have not speak about the Risk Evaluation , can you explain Risk Evaluation with some example.
thanks sir very well explained
Nice video ❤❤
Hi Prabh, As usual great stuff and KT, It would be wonderful if you could also add examples based scenario, task, action and results. That will be great value to these sessions.
ruclips.net/video/uiLbIIrBK1c/видео.html
Hi Divya thanks for feedback just check this one
ruclips.net/video/ucKTrEw1PEs/видео.html
Awesome
Thanks sir :)
Absolutely helpful, thank you
what is roles and resposibilities in grc can you make on video
Amazing!
Thanks Prabh 🍻
Hi Prabh, is the SSO password or login credentials of an individual categorised under privacy or secrecy? My understanding is that it can give unauthorised access to hackers to company's records and should be tagged as secrecy. Would request your views pls.
Thank you
plz create these types of questions for iso27001:2022
I was passed 12th 2018 and now I am BCA first year student so what can I do best for myself to easily I can Crack my GRC interview. And in my education carrier 3 year gap so it will effect to get a job.
Are you provide classed for SAP access control and GRC consultant?
Hello Sir, it was really a great video....👌👌👌👌 My only doubt is regarding Risk Acceptance.. it is something like accepting the risk of being the device vulnerable as they can't fix that due to xyz reason due to their application compatibility? Is that not right
We accept the Risk if spending money on remedial measure is not worth of that risk. i.e If ROI is less, we accept that risk
Hi prabh Sir , Small correction I think it should be second party is performed on supplier and not by supplier time frame 12: 21 to 23 . Please suggest I am right or wrong?
Performed on Supplier
Thanks :D
Why do we say risk cant be eliminated. If there is a risk of me falling down from the terrace of my building. I will eliminate the risk by locking the terrace with 50 locks and then throwing the keys in ocean. Will I ever fall from that building.??
Apart from the building which you mitigated by locks etc etc..but that does not stop someone from getting injured from other threats e.g road accident, falling from stairs, getting hit by heavy objects from thieves etc .. that's why there is no term called 100 % risk free and secure
Where can we find some CyberSec GRC projects or work loads to work on?
Can we have more questions Prabh in relation to GRC.
Next video is same for that
I thought - SOP is Standard Operating Procedure
Audio quality is very poor(low) Prabh, Something to do at your end?
Not at all - Sounds great to me
that is cyber security Audit?
Hi pranha any requirement security Grc
Dear Friends, I have a question: 1/ Which department will be responsible for implementing compliance functionality in the GRC?. Thank you.
Level 2
@@PrabhNair1 , could you answer clearly?
@@ntcuong01ct1 I believe he's talking about Level 2 of the 3 lines of defense (1st line Operational Management (usually risk owners), 2nd line Risk Management professionals or level 2 as he said, and the 3rd line Internal Auditors or the enterprise's audit function. Hope this helped
sound is very low on the video
May be your device problem.
@@Help60Device working fine
Voice is very feable
Perfect presentation