Great introduction to risk assessment. I rarely got the opportunity to listen to such a practical introduction. Thanks so much for that. I would although expected you to introduce in your example sheet the notion of risk appetite so that you know your residual risk level is within or still outside your appetite after the treatment.

Great insight! thank you Atul & Prabh.

Informative and great Insight,Thank you!

Thank you prabh and Atul for sharing such insight.

Excellent presentation by the panel.

Very Informative, Thank you Prabh and Atul

Very informative. Thanks

Thanks for the detailed information on risk management, and it has given me some more areas to consider in risk assessment. However, I think we also have to have risk scoring, or risk rating, such as if an organization has 40+ risks (hypothetically 😊), then we can choose the top ten risks based on the score or we can sort the risk on scale. calculation can be based on likelihood*overall impact, and that can define the overall risk Impact.

A very informative session. Loved the duo

very informative

Thanks a lot!

i would like practical approach...thank you

So thankful for this content!

Hi Atul & Prabh, I am looking to pursue my career into risk management and more of GRC role, also holding ISO 31000 risk management certification and ISO 27001 Lead Auditor ISMS. Are there any workshop conducted where i can nominate myself to be part of any assignment or project you run to get hands on. Please let me know. I have 13 yrs of experience in IT Service Management but would want to switch to risk management now as part of career progression

Thanks Atul & Prabh for the informative session! A question- The example you showed for version TLS1.0(I mean using obsolete/vulnerable versions) in network devices. Such kinds of checks would be covered under Vulnerability management as well so shall we consider under Risk register? If yes, which of them shall we consider, shall we filter out with impact and critical vulnerabilities. I hope I made my question clear!

@atulrishav3229

6 ай бұрын

Thanks for watching. This is merely an example of how a known risk should be registered and monitored. For instance, a small company wouldn't even have a vuln mgnt program. In that case an umbrella for "network security" will be created under which known vulns such as TLS would be recorded and tracked periodically. What and how a risk should be registered and monitored is solely dependent on the business and their priorities. Hope that makes sense. Feel free to respond with further queries if needed. Cheers!!

Hi prabh, how to identify risk in the organization do we have any tools for that.

please share link to download risk register template

I am looking the template.

The template please?

how to get the excel template?

This is very informative, thank you for taking the time to share. Regarding the Risk treatment plan, what tools can one use to conduct Network device assessments in case this is asked in an interview?

@atulrishav3229

6 ай бұрын

There are plethora of open source and paid network scanning tools such as Qualys, Tenable, Nmap, and such. Depending on the business risk appetite and budget, one can choose either open source or a paid tool. Do remember that budgeting also includes people's time as well. It can be performed inhouse or outsourced if not capable.

@akahibeoluchi4413

6 ай бұрын

You are awesome! Thank you so much.

Hi sir do you have live class

IT risk analyst

Vendor management we want to hear next

@atulrishav3229

6 ай бұрын

Noted.