WEBVTT

00:00.000 --> 00:01.860
>> Hi everybody. As you can tell

00:01.860 --> 00:03.990
from the information
we've covered so far,

00:03.990 --> 00:07.500
risk management is a huge
part of information security.

00:07.500 --> 00:09.930
Let's go ahead and take
a closer look at some of

00:09.930 --> 00:13.270
the processes of the risk
management lifecycle.

00:14.270 --> 00:17.745
What are the steps of the
risk management lifecycle?

00:17.745 --> 00:19.905
We start by identifying risks

00:19.905 --> 00:22.725
and determining where
threats meet vulnerability,

00:22.725 --> 00:24.855
then we assess the risks.

00:24.855 --> 00:27.450
We use qualitative or
quantitative analysis

00:27.450 --> 00:29.910
to determine what the
potential is for loss.

00:29.910 --> 00:31.560
In order to do that, we're

00:31.560 --> 00:33.030
going to look at the probability

00:33.030 --> 00:36.195
of the risk event and multiply
that times its impact.

00:36.195 --> 00:39.885
This gives us the value of the
risk so we can prioritize it.

00:39.885 --> 00:42.265
Then we mitigate the risks.

00:42.265 --> 00:44.420
The value of the risk
that we assessed in

00:44.420 --> 00:47.065
Step 2 will drive our
mitigation strategy.

00:47.065 --> 00:48.665
If it's a high probability,

00:48.665 --> 00:50.090
high impact risk,

00:50.090 --> 00:52.100
we'll have a very
active strategy.

00:52.100 --> 00:53.840
If it's a low-probability,

00:53.840 --> 00:57.490
low-impact risk, we'll probably
have a passive strategy.

00:57.490 --> 01:00.405
Our options for mitigating
risks are by reducing,

01:00.405 --> 01:03.015
transferring, or accepting risk.

01:03.015 --> 01:05.450
Then we monitor
the risks because

01:05.450 --> 01:07.955
we know we can't eliminate
risks completely.

01:07.955 --> 01:09.755
We must continue to monitor.

01:09.755 --> 01:11.180
If someone asks, "When are

01:11.180 --> 01:12.650
you done with risk management?"

01:12.650 --> 01:14.330
The answer is never because you

01:14.330 --> 01:17.280
have to continue to
monitor for risks.

01:19.700 --> 01:23.445
First step, risk identification.

01:23.445 --> 01:26.040
There are three parts to
risk identification. We

01:26.040 --> 01:28.580
have: identify assets,

01:28.580 --> 01:32.080
identify threats,
identify vulnerabilities.

01:32.080 --> 01:34.640
Frequently when we
talk about assets and

01:34.640 --> 01:36.740
information security,
we mean data.

01:36.740 --> 01:38.690
We have to identify the data we

01:38.690 --> 01:41.515
want to protect and
the value of the data.

01:41.515 --> 01:44.630
Then the next part is to
ask, what are the threats?

01:44.630 --> 01:47.000
Again, threats are
those elements that

01:47.000 --> 01:49.700
can exploit weaknesses
or vulnerabilities.

01:49.700 --> 01:52.720
You have to identify
the vulnerabilities.

01:52.720 --> 01:54.840
Now, one of the ways we can

01:54.840 --> 01:57.735
identify risk is to
use threat modeling.

01:57.735 --> 02:00.020
STRIDE is a common threat model

02:00.020 --> 02:01.535
that we'll look at in a second.

02:01.535 --> 02:04.750
Another type of threat
model is use/misuse cases.

02:04.750 --> 02:06.110
You could also include

02:06.110 --> 02:09.360
risk scenarios as a
type of threat model.

02:11.710 --> 02:13.940
The STRIDE threat model is

02:13.940 --> 02:15.230
a very common model that is

02:15.230 --> 02:16.760
used with software development.

02:16.760 --> 02:19.235
It includes six primary
security threats

02:19.235 --> 02:22.100
and the mitigation strategies
for each of those threats.

02:22.100 --> 02:25.475
The first letter of each
threat spells the word STRIDE.

02:25.475 --> 02:29.810
Spoofing is the S in STRIDE
and it means impersonation.

02:29.810 --> 02:32.420
It could be IP address spoofing,

02:32.420 --> 02:34.340
caller ID spoofing, MAC

02:34.340 --> 02:36.995
address spoofing,
or email spoofing.

02:36.995 --> 02:38.810
The best way to mitigate against

02:38.810 --> 02:40.835
spoofing is strong
authentication,

02:40.835 --> 02:42.815
which is proving your identity.

02:42.815 --> 02:44.420
Usually, we want to use

02:44.420 --> 02:46.640
multiple factors
of authentication.

02:46.640 --> 02:48.380
This typically includes asking

02:48.380 --> 02:49.580
you for something you know,

02:49.580 --> 02:52.195
something you have,
and something you are.

02:52.195 --> 02:54.980
Recently, we've added
somewhere you are using

02:54.980 --> 02:57.665
GPS and we've also
added something you do.

02:57.665 --> 02:59.270
This could be patterns that you

02:59.270 --> 03:02.160
swipe on your smartphone
and so forth.

03:03.110 --> 03:07.260
Tampering is the next threat
and it's the T in STRIDE.

03:07.260 --> 03:09.675
This involves some modification.

03:09.675 --> 03:11.270
The best way to mitigate against

03:11.270 --> 03:12.800
this threat is some form of

03:12.800 --> 03:16.474
integrity verification
such as message digests.

03:16.474 --> 03:19.640
Another word for message
digest is a hash.

03:19.640 --> 03:21.605
We'll talk more about
that in just a bit.

03:21.605 --> 03:23.990
Another older
mitigation strategy is

03:23.990 --> 03:27.420
CRCs, cyclic redundancy checks.

03:27.420 --> 03:30.105
Another strategy is checksums.

03:30.105 --> 03:32.220
Repudiation is the
next threat in

03:32.220 --> 03:34.890
this model and it's
the R in STRIDE.

03:34.890 --> 03:36.480
This means that a sender of

03:36.480 --> 03:37.980
an email disputes that they sent

03:37.980 --> 03:41.150
the message or they could say
that they sent the message,

03:41.150 --> 03:43.180
but it was tampered
with in transit.

03:43.180 --> 03:46.395
The mitigation strategy
is non-repudiation.

03:46.395 --> 03:49.580
This means using something
that provides authenticity and

03:49.580 --> 03:53.105
integrity such as a digital
signature and keys.

03:53.105 --> 03:54.530
We'll talk more about this in

03:54.530 --> 03:56.910
our section on cryptography.

03:57.610 --> 04:01.130
Information disclosure
is the I in STRIDE.

04:01.130 --> 04:04.100
This means the disclosure
of sensitive information.

04:04.100 --> 04:07.745
We mitigate this through
confidentiality and encryption.

04:07.745 --> 04:09.710
Denial of service is

04:09.710 --> 04:12.365
the next threat and this
is the D in STRIDE.

04:12.365 --> 04:14.450
Denial of service
attacks are about

04:14.450 --> 04:16.990
rendering a service or
server unavailable.

04:16.990 --> 04:19.040
This might be where you
flood a server with

04:19.040 --> 04:20.890
illegitimate requests so that it

04:20.890 --> 04:21.920
is so busy dealing with

04:21.920 --> 04:25.000
those requests it can't
handle legitimate requests.

04:25.000 --> 04:27.425
Another example is
where an attacker uses

04:27.425 --> 04:29.600
unsuspecting networks
that we refer to

04:29.600 --> 04:31.610
as botnets or zombies to launch

04:31.610 --> 04:34.340
a much larger scale
attack on the target.

04:34.340 --> 04:36.080
The mitigation strategy for

04:36.080 --> 04:38.180
this type of threat
is high availability,

04:38.180 --> 04:40.685
redundancy, and fault tolerance.

04:40.685 --> 04:43.505
If web server 1 is
attacked, that's okay

04:43.505 --> 04:46.700
because web server 2 can
handle this remaining traffic.

04:46.700 --> 04:49.775
Escalation of privilege
is the E in STRIDE.

04:49.775 --> 04:52.580
This threat means an attacker
accesses a system as

04:52.580 --> 04:55.440
a regular user and
escalates his privileges,

04:55.440 --> 04:56.900
so that he has
an admin account,

04:56.900 --> 04:59.885
for example, and can
give more permissions.

04:59.885 --> 05:01.940
The mitigation strategy
for this is to

05:01.940 --> 05:04.610
have strong
authorization measures.

05:04.610 --> 05:08.525
To recap, STRIDE is a great
start to threat modeling.

05:08.525 --> 05:10.445
It looks at six of the
most common threats

05:10.445 --> 05:12.720
and how to mitigate them.

