Training (1 day): Risk Management Like a Boss: Making Your Risks Work for You

Presented at AppSec USA 2015, Sept. 23, 2015, 3:30 p.m. (90 minutes)

Arguably, the single most valuable skill that you can learn in Information Security today in order to improve your security posture for tomorrow is Risk Management. The simple process of identifying your risks, planning your mitigations, and performing reviews puts your company squarely in the driver's seat when it comes to justifying its security expenditures in order to reduce risk. SimpleRisk is the only free and open source alternative to the bloated and expensive Governance, Risk, and Compliance (GRC) platforms out there and is being used by corporations of all sizes, around the world, to perform their risk management activities. During this seminar, Josh Sokol, the Creator of SimpleRisk, will walk attendees through the basics of risk management using hands-on activities and the SimpleRisk tool. By the end of the course, attendees will have the knowledge necessary in order to deploy SimpleRisk in their environment, use it to manage their risks, and have a firm grasp on the processes involved in managing risks.

SimpleRisk is free to download at http://www.simplerisk.org and is released under the Mozilla Public License (MPL) 2.0. This means that those who use it are free to use it, modify it, or even sell it at will. SimpleRisk does sell some additional enterprise functionality such as LDAP authentication, team separation, and e-mail notifications, but the tool is fully functional in performing risk management activities without these and they are completely out of scope for the class.

Course outline:

1) Installing SimpleRisk on a LAMP stack
2) Configuring SimpleRisk
3) Brainstorming risks and naming them
4) Submitting risks
5) Planning mitigations
6) Performing management reviews
7) Creating projects and assigning risks

Who Should Take This Course?

This course is designed to take a person with no prior experience in risk management and teach them how to perform risk management activities such as assessing risk, documenting risk, planning mitigations, and performing management reviews. Attendees will learn how to install and configure the free and open source SimpleRisk risk management framework and will leverage it to become risk management experts for their organization.

What Should Students Bring?

Students will need to bring a laptop running a virtual machine (VMWare, VirtualBox, or Parallels should work fine) containing Ubuntu 14.04 LTS. The installation of SimpleRisk will happen as part of an in-class activity and will be used for all in-class exercises.

Presenters:

  • Josh Sokol - Information Security Program Owner - National Instruments
    Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Josh manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Josh holds a CISSP certification and has spoken on dozens of security topics including the much hyped "HTTPSCan Byte Me" talk at BlackHat 2010. Josh is the Founder and Creator of the free and open source risk management tool, SimpleRisk.
