11 new controls introduced in the ISO 27001 2022 revision: A.5.7 Threat intelligence A.5.23 Information security for use of cloud services A.5.30 ICT readiness for business continuity A.7.4 Physical security monitoring A.8.9 Configuration management A.8.10 Information deletion A.8.11 Data masking A.8.12 Data leakage prevention A.8.16 Monitoring activities A.8.23 Web filtering A.8.28 Secure coding
What you say is a revision in ISO 27002:2013 replaced with 27002:22. Secondly, it is not an addition but a replacement. And the revised ISO 27001:2022 is yet to come.
@@SanjayGore What's the latest version of ISO 27001? ISO 27002 A comprehensive update of ISO 27001 is expected to be released in October 2022. Once updated, the latest version of ISO 27001 will align with changes made to ISO 27002 and published in February 2022.
Thank you so much Sir. I really learned a lot about RA on Assets today. I have subscribed your channel and planning to spend lots of time and watch all your videos on BC stuff. Love from Canada
Thank you so much for these wonderful sessions, sir. Kindly do post more on GRC based sessions. Keep posting some real time practical kind of stuffs if possible. Eagerly waiting for upcoming videos.
risk level didvided in 4 equal parts, if impact is medium and likelihood is medium then with this table final risk come in low number. same if high impact and high likelihood then risk result come in medium block. how you can explain this
Hello Sanjay, thanks for this great resource. Please I have a question. My question is; in the table below, I have various threat values for assetname "Laptop" and again had various threat values for assetname "Database server". In this situation, which of the threat values should I take as the actual threat value for a specific (single) asset? Assetname Threats Frequency Impact Value Threat Threat Value Laptop Virus & malware 4 4 16 4 Data & information theft 4 4 16 4 vandalism 3 3 9 3 unauthorized access 1 2 2 1 Ransomware 2 2 4 1 Date deletion 1 3 3 1 Database server Sql injection 3 4 12 3 Virus & malware 4 4 16 4 Data & information theft 4 4 16 4 vandalism 3 3 9 3 unauthorized access 1 2 2 1 Ransomware 2 2 4 1 Date deletion 1 3 3 1
Nicely explained sir. Thankyou so much for such a clear and nice contents. Sir could you please also make a video on CIA rating criteria, I mean how to decide 1~4 rating for Credibility, Integrity and availability?
Good to listen new. Topic voice quality requires improvement also विडिओ wiil be more effective if points are written on blackboard and explain slowly by taking a sample case say of any startup hypothetically
Thanks for your query. The vulnerability is other side of effectiveness of control. More the effectiveness of control lesser the vulnerability and vice versa.
Thanks for the query. The assets value is decided by the risk owner and assets owner. In the risk assessment, the asset-owner is the occupier of the assets (information). As we have seen that the organization should define the risk owner while developing the assets register. So the asset- value is decided by the asset owner. Thanks for your query.
Thanks for your response. Likelihood multiplied by Impact becomes Threat Value. Impact is the assessment of severity of the threat. Hope this suffices your query. Thanks again for asking the question.
Hello Sanjay, thanks for the quick reply and your great Präsentation. I dont understand how the threat value is calculated. In your präsentation it says threat value is probabilty * impact value. This Value is larger than 1 -4 how do you get your Threat Value exactly. Is ist just estamation.
Thanks, Sridhar for your suggestion. I tried to edit the file online to remove the music altogether, but it affected the file itself. I am not a professional video editor, hence could not exactly cut the noise. My trial and error effected in very disturbing scenarios, and since it is in the beginning it may affect the moment of truth. So, ultimately I had to revert back to the original. Your suggestions are valid and big thanks for that. In my next uploading, I will take care of that. Your suggestion gave an opportunity to learn how to edit the already uploaded video to youtube.
Thank you very much for knowledge sharing. This is talking about perfect timing for me.
Thanks
I am happy my efforts are useful for your help, may be a very samll.
Thank again for communicating it to me.
Thank you sanjay, your video is more understandable, when ever I used to get doubt I will watch your videos.
Thanks you very much. I am happy that my little efforts are helpful for you to understand.
I saw many videos sir, but u explained it very clearly.... Thank you so much
Thanks. You are welcome.
11 new controls introduced in the ISO 27001 2022 revision:
A.5.7 Threat intelligence
A.5.23 Information security for use of cloud services
A.5.30 ICT readiness for business continuity
A.7.4 Physical security monitoring
A.8.9 Configuration management
A.8.10 Information deletion
A.8.11 Data masking
A.8.12 Data leakage prevention
A.8.16 Monitoring activities
A.8.23 Web filtering
A.8.28 Secure coding
What you say is a revision in ISO 27002:2013 replaced with 27002:22.
Secondly, it is not an addition but a replacement.
And the revised ISO 27001:2022 is yet to come.
@@SanjayGore What's the latest version of ISO 27001?
ISO 27002
A comprehensive update of ISO 27001 is expected to be released in October 2022. Once updated, the latest version of ISO 27001 will align with changes made to ISO 27002 and published in February 2022.
Very Informative and Valuable Sir
Thank you for sharing Valuable Knowledge 🙏
Thank you very much. I am happy that my little effort helped you understand certain concepts.
Simple and effective presentation of the concept. Thank you for sharing.
You are welcome
Great thanks for this wonderful practical session of RA.
Thank you for those good words.
Really good one, and useful even basics will get clear , particularly for professionals who are running mfg companies and infrastructure companies .
Thanks for those good words.
This was very insightful. Really appreciate the efforts taken to explain this concept.
Glad it was helpful!
Thanks for sharing. The content was really good and well-presented.
Thanks Solomon for these kind words.
Thank you so much Sir. I really learned a lot about RA on Assets today. I have subscribed your channel and planning to spend lots of time and watch all your videos on BC stuff. Love from Canada
Thank you very much for those good words.
Also thanks for subscribing.
Thank you so much for these wonderful sessions, sir. Kindly do post more on GRC based sessions. Keep posting some real time practical kind of stuffs if possible. Eagerly waiting for upcoming videos.
Thank you so much for those kibd words. Sure, I will post as suggested by you. Keep engaging. Thanks again.
good content sir. I have watched it several times.
Thank you very much
You have made it look very simple.
Thank you.
Thank you Sir
Thanks you soo much sir for sharing knowledge
Thanks. You are welcome.
Please subscribe and share the video.
Content covered is quite useful for both beginners and experts in the Industry, great delivery. The background music is a little disturbing.
Thank you, Prerit
Nicely explained.. thank you sir
Thanks for those good words. It inspires me to do more.
Excellent work, Sir; I appreciate your efforts
👍 Thanks
Very nice and learning this session. Thanks you Sir.
Thank you very much Sir for those kind words. It is my pleasure.
Simple and to the Point, very well explained.
Thank you these good words.
Good intro and very useful
Thank you, Danish. Some of the concepts presented are learned through you; while I was in Saudi.
Highly appreciate the simplification
Thanks
sir, you should example like what are corrective controls, detective controls etc. just reading from the slides don't help much
Very well done 👍
Thanks, Manohar.
👍👍👍
risk level didvided in 4 equal parts, if impact is medium and likelihood is medium then with this table final risk come in low number. same if high impact and high likelihood then risk result come in medium block. how you can explain this
Great work sir
Thanks, Jayesh.
Hello Sanjay, thanks for this great resource. Please I have a question. My question is;
in the table below, I have various threat values for assetname "Laptop" and again had various threat values for assetname "Database server". In this situation, which of the threat values should I take as the actual threat value for a specific (single) asset?
Assetname Threats Frequency Impact Value Threat Threat Value
Laptop Virus & malware 4 4 16 4
Data & information theft 4 4 16 4
vandalism 3 3 9 3
unauthorized access 1 2 2 1
Ransomware 2 2 4 1
Date deletion 1 3 3 1
Database server Sql injection 3 4 12 3
Virus & malware 4 4 16 4
Data & information theft 4 4 16 4
vandalism 3 3 9 3
unauthorized access 1 2 2 1
Ransomware 2 2 4 1
Date deletion 1 3 3 1
Nicely explained sir. Thankyou so much for such a clear and nice contents. Sir could you please also make a video on CIA rating criteria, I mean how to decide 1~4 rating for Credibility, Integrity and availability?
Yes. Thanks for suggestion.I will do it.
It confidentiality and not credibility.
@@SanjayGore Thankyou Sir..!!
Interesting Video..!!
Thanks Sanat.
Good to listen new. Topic voice quality requires improvement also विडिओ wiil be more effective if points are written on blackboard and explain slowly by taking a sample case say of any startup hypothetically
Critical concepts made simpler
Thanks, Suryakant. Many of these are learned with you when we were preparing for CISA long back in 2004
Sorry, I'm Italian but I don't understand much of what you say. You have a strong Indian accent. You should post subtitles.
How to compute vulnerability?
Thanks for your query. The vulnerability is other side of effectiveness of control. More the effectiveness of control lesser the vulnerability and vice versa.
who will decide asset value is it data owner / asset owner or auditor/implementer ?
Thanks for the query. The assets value is decided by the risk owner and assets owner. In the risk assessment, the asset-owner is the occupier of the assets (information). As we have seen that the organization should define the risk owner while developing the assets register. So the asset- value is decided by the asset owner.
Thanks for your query.
@@SanjayGore Thanks
Sir, request if you could also make a video based on Context. Normally, it is called as Context Based Risk Assessment. Thanks
Sure. Your suggestion is well taken. Thanks for that.
@@SanjayGore looking forward to a fantastic video
is it okay to use -> Asset + Threat + Vulnerability = Risk
Yes. The organization can use eighter + or x as per convenience. But popular is X
Where is the impact section goes ?
Thanks for your response. Likelihood multiplied by Impact becomes Threat Value. Impact is the assessment of severity of the threat. Hope this suffices your query. Thanks again for asking the question.
@@SanjayGore it's clear so we calculate the risk score as threat*vul* asset value, please correct me if I am wrong
@@usmanshahzad3158 Your statement is correct, Sir.
Hi everybody, i dont get the result of probability × impact value can become 4.
Can u further through some light, for me to explain more?
Hello Sanjay, thanks for the quick reply and your great Präsentation. I dont understand how the threat value is calculated. In your präsentation it says threat value is probabilty * impact value. This Value is larger than 1 -4 how do you get your Threat Value exactly. Is ist just estamation.
Background noise is very disturbing...
Thanks,. Will take care in next video.
Thanks, Sridhar for your suggestion. I tried to edit the file online to remove the music altogether, but it affected the file itself. I am not a professional video editor, hence could not exactly cut the noise. My trial and error effected in very disturbing scenarios, and since it is in the beginning it may affect the moment of truth. So, ultimately I had to revert back to the original.
Your suggestions are valid and big thanks for that. In my next uploading, I will take care of that.
Your suggestion gave an opportunity to learn how to edit the already uploaded video to youtube.
Sir pl avoid background music
Thanks for your suggestions. Your suggestion is welcome. I have noted your comments and try to edit them.
Risk matrices don't work, this is a well established fact. What's the point of promoting it if you don't understand it?
Thanks for your comments. Your thinking is respected and welcome.
Chhan
Thanks, Madhav