1 00:00:00,970 --> 00:00:04,840 Time, money and our resources are precious to us. 2 00:00:04,930 --> 00:00:10,120 So we want to spend as little of our resources as possible on security. 3 00:00:10,120 --> 00:00:13,310 Security is not the end goal. 4 00:00:13,360 --> 00:00:17,570 The goal is to be getting on with the things that we want to actually do. 5 00:00:17,590 --> 00:00:22,330 Maybe surfing the web or writing an email or running a business. 6 00:00:22,330 --> 00:00:27,040 Most organizations are not in the business of security. 7 00:00:27,040 --> 00:00:33,910 Security is simply an enabler to do business and to do the things that we want to do. 8 00:00:33,910 --> 00:00:37,110 We don't want to do security for the sake of it. 9 00:00:37,150 --> 00:00:42,250 We don't want to apply too much security or too little security. 10 00:00:42,250 --> 00:00:49,590 We want to optimize our use of our resources so they optimally protect our assets. 11 00:00:49,720 --> 00:00:56,620 I want you to get your best return on investment in terms of your resources when it comes to applying 12 00:00:56,620 --> 00:00:57,570 security. 13 00:00:57,790 --> 00:01:06,310 So the aim should be to protect what you value most and apply no security so that you can do the things 14 00:01:06,310 --> 00:01:08,720 that you want to do safely online. 15 00:01:08,740 --> 00:01:13,770 Also the business can function within acceptable levels of risk. 16 00:01:13,930 --> 00:01:20,020 So let's now do a simple thought experiment either for yourself personally. 
17 00:01:20,020 --> 00:01:24,430 You can think about this for the thought experiment or you can think about maybe in the context of an 18 00:01:24,430 --> 00:01:31,380 organization or service or application. We're going to think about in the context of this thing that 19 00:01:31,510 --> 00:01:38,650 you want to protect, and sort of their files, their e-mails, their accounts, and ask yourself: what is most 20 00:01:38,650 --> 00:01:48,520 confidential? What can you afford to lose? What is irreplaceable? What could cause the most damage? What 21 00:01:48,520 --> 00:01:55,960 might impact your reputation? We could think in terms of things like photos, credit card details, bank 22 00:01:55,960 --> 00:02:03,230 account details, personal identifiable information (PII), account information, maybe social media, LinkedIn, 23 00:02:03,230 --> 00:02:11,380 Facebook, Amazon, PayPal, your primary main e-mail accounts, Bitcoin wallet and other cryptocurrency 24 00:02:11,380 --> 00:02:20,170 wallets, cryptocurrency exchange account details, browser history, secret or confidential files and data, 25 00:02:20,260 --> 00:02:23,410 password information, financial records. 26 00:02:23,410 --> 00:02:31,360 Think about if they were stolen, destroyed or encrypted so that you couldn't use them or get access to 27 00:02:31,360 --> 00:02:39,490 them, or maybe placed on the Internet and revealed to everyone to see, perhaps put in the hands of cyber 28 00:02:39,490 --> 00:02:44,230 criminals and the potential they have to do something with them. 29 00:02:44,230 --> 00:02:51,730 This thought experiment should start to guide you towards the things that are of most value to you or 30 00:02:51,730 --> 00:02:59,280 the organization or the object that you are considering in the security context. To apply effective security, 31 00:02:59,380 --> 00:03:05,840 you must know what you value and how much you value it. 32 00:03:05,860 --> 00:03:09,970 You must understand the security objectives for that asset. 
33 00:03:10,000 --> 00:03:12,950 For example, do you not want it stolen? 34 00:03:12,970 --> 00:03:14,760 Do you not want it destroyed? 35 00:03:14,770 --> 00:03:17,440 Must it be available to you at all times? 36 00:03:17,530 --> 00:03:24,340 The things that we value, we refer to them as your security assets. The things that we value, your assets. 37 00:03:24,700 --> 00:03:31,420 As we go through the course you will apply security to the assets that you value and you will concentrate 38 00:03:31,420 --> 00:03:38,370 your security efforts on the assets that you value the most and that are at the greatest risk. 39 00:03:38,460 --> 00:03:42,490 There's little point, for example, spending hours trying to back up files 40 00:03:42,490 --> 00:03:52,060 you can replace and not taking special care of files that you cannot. You want, for example, to apply maybe 41 00:03:52,150 --> 00:03:59,320 two factor authentication to accounts that you care about, maybe not waste time with two factor authentication 42 00:03:59,620 --> 00:04:02,060 on accounts of little value. 43 00:04:02,200 --> 00:04:05,620 So security has its context. 44 00:04:05,620 --> 00:04:11,680 If you have assets in your mind now that you're thinking about as we've gone through the thought experiment 45 00:04:11,710 --> 00:04:20,800 that you want to protect or considering protecting, as a practical exercise write down those assets. Then 46 00:04:21,010 --> 00:04:28,000 as you go through the course think about how you protect them with the security controls we discussed 47 00:04:28,090 --> 00:04:35,050 or whether you can protect them with the security controls that we discuss and update your list as you 48 00:04:35,140 --> 00:04:36,910 go through the course.