From the course: Complete Guide to Open Source Security
Join today to access over 24,500 courses taught by industry experts.
Entering risks into eramba
From the course: Complete Guide to Open Source Security
Entering risks into eramba
- [Instructor] Let's assume our reviewer, Penelope, has carried out her risk assessment. So we can now select Actions, Add to add a new risk. And we'll call it, financial files may not be accessible. And in the description we'll say, financial files may be deleted or made otherwise inaccessible. And we'll put Penelope down as both the risk originator and the GRC contact. And we'll put a next review date of end of the year. On the Analysis tab, we'll select our Transpay System. And we'll just get rid of some of the threats we don't want and we'll keep Remote Exploit, Web Application Attack, Malware Distribution, and Viruses. And under the threat description, we'll add ransomware is activated against financial data. And in the vulnerabilities, we'll remove those and we'll select lack of patching and lack of network controls. In the vulnerabilities description we'll enter, the system is exposed to remote attack to achieve initial access through the network. And patching is out of date on…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
(Locked)
Introduction to GRC1m 13s
-
Architecting with ArchiMate5m 52s
-
(Locked)
Modelling security with Archi2m 22s
-
(Locked)
Adding security to the model3m 27s
-
(Locked)
Security risk management with SimpleRisk3m 9s
-
(Locked)
Taking SimpleRisk for a spin7m 34s
-
(Locked)
Using eramba for GRC4m 18s
-
(Locked)
Configuring the eramba system8m 31s
-
(Locked)
Preparing your risk context9m 11s
-
(Locked)
Setting up your assets3m 15s
-
(Locked)
Entering risks into eramba3m 35s
-
(Locked)
-
-
-
-
-
-
-
-
-
-
-
-