Michael Crawley, MBA, PMP, M.ED, MSP, Six Sigma BB, Lean SSBB, Agile Master, Scrum Master Master

24x7

VideoResultsNow@gmail.com 224-402-5362

Everything you need to secure the necessary cybersecurity awareness!

Risk Management

  • Avoidance
    • Avoiding risky activities
  • Transference
    • Sharing risk with others
  • Mitigation
    • Applying security controls to reduce risk
  • Deterrence
    • Applying visible controls to discourage others
  • Acceptance
    • Choosing not to act on risk
  • Residual risk
    • Remaining risk after management strategy

WE ARE AWESOME AT Cyber-Information Delivery

Identify common network security components and secure transport protocols, harden networks, and apply monitoring, detection, and remediation insights, techniques and best practices. Begin to increase your awareness NOW!


Quantitative risk assessment values

  • SLE – Single loss expectancy is the cost of any single loss
  • ARO – Annual rate of occurrence is the expected number of times a given loss may occur per year
  • ALE – Annual loss expectancy is the expected cost per year from a threat (SLE × ARO)
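
A worked example tying the ALE formula to the treatment strategies in the Risk Management list (added here, not part of the original page). The two risks, their figures, and the selection rule (lowest residual ALE plus yearly treatment cost) are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Treatment:
    strategy: str        # a strategy name from the Risk Management list
    annual_cost: float   # yearly cost of the control or insurance premium
    sle_after: float     # SLE once the treatment is in place
    aro_after: float     # ARO once the treatment is in place


def ale(sle: float, aro: float) -> float:
    """Annual loss expectancy: ALE = SLE x ARO."""
    return sle * aro


def choose_treatment(sle, aro, options):
    """Return (strategy, residual ALE, total yearly cost) for the cheapest option.

    Acceptance is always a candidate: nothing is spent and the residual
    risk equals the full ALE. Selection rule (assumption of this example):
    minimise residual ALE + annual treatment cost.
    """
    candidates = [Treatment("acceptance", 0, sle, aro), *options]
    best = min(candidates,
               key=lambda t: ale(t.sle_after, t.aro_after) + t.annual_cost)
    residual = ale(best.sle_after, best.aro_after)
    return best.strategy, residual, residual + best.annual_cost


# Constructed sample risk register (all figures are illustrative).
LAPTOP_THEFT = dict(sle=2500, aro=4, options=[
    # Disk encryption: data exposure removed, hardware is still lost.
    Treatment("mitigation", 3000, 1500, 4),
    # Insurance: yearly premium 5000, deductible of 500 per loss.
    Treatment("transference", 5000, 500, 4),
])
SITE_FLOOD = dict(sle=200000, aro=0.25, options=[
    # Flood barriers halve the expected frequency but cost 30000 per year.
    Treatment("mitigation", 30000, 200000, 0.125),
])

if __name__ == "__main__":
    for name, risk in (("laptop theft", LAPTOP_THEFT), ("site flood", SITE_FLOOD)):
        strategy, residual, total = choose_treatment(**risk)
        print(f"{name}: ALE={ale(risk['sle'], risk['aro'])} -> {strategy}, "
              f"residual ALE={residual}, total yearly cost={total}")
```

For the flood risk the control costs more than the loss it prevents, so acceptance wins and the residual risk is the full ALE.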

Threat probability

  • MTTF – Mean time to failure
    • Used for non-serviceable components
  • MTTR – Mean time to repair
  • MTBF – Mean time between failures
    • Used for serviceable components
  • MTBSI – Mean time between service incidents

Quantitative risk assessment values


Probability × Impact

Vulnerability Scanning


  • Intrusive vs. non-intrusive
  • Credentialed vs. non-credentialed
  • Goals
    • Missing or misconfigured security controls
    • Open ports
    • Weak passwords or encryption
    • Misconfigured security controls
    • Unsecured data
    • Compromised systems
    • Exploitable vulnerabilities
    • Unpatched systems

Vulnerability Assessment (VA): Passive

    Purpose of Vulnerability Assessment

    • Baseline review
      • The existing intended security configuration
    • Determining attack surface
      • All of the software and services installed which can be subject to attack
    • Reviewing code
    • Reviewing architecture
    • Reviewing design