Risk Assessment

About this Course

Risk Assessment is a process that helps you identify and manage potential threats that could harm, damage and disrupt your digital assets.
The purpose of this module is to encourage training participants to think critically about digital security risks, and furthermore support the development of personalized, context-specific strategies to mitigate such risks.
Human Rights Defenders handle sensitive information and the devices that contain them on a daily basis. Few have considered the risks to these assets and the potential consequences of losing control of them during a theft, confiscation or natural disaster.
This module will include some tools for assessing digital and physical threats and will encourage participants to consider:
•The value of their work and the information they depend on for their work (e.g., contacts).
•Personal habits that may put their work at risk.
•A practical level of safety and privacy in an office.

Objectives

•Enable participants to overcome any frustrations with their digital security practice, and reassure them that building their skills is an iterative process requiring time and patience.
•Identify the specific risks that participants face, allowing them to design individual security plans and protocols to address these risks.
•Support participants as they design strategies to facilitate post-training implementation of their security plans and protocols.

Tools Required

Trainer
These tools will be necessary for the trainer
to prepare before conducting the training.

Trainee
These tools will be necessary for the trainee
to have during the training.

•Laptop
•Smartphone
•Projector
•Internet

•Laptop
•Smartphone
•Internet

•Flip charts
•Markers
•Tack
•Pens
•Note books
•Internet

Definitions

Risk – Is any chance or probability that could cause a loss of, or damage to computer hardware, software, data,
information or processing capability.

Threats – Are malicious acts that seek to damage data, steal data, or disrupt digital life in general.

Vulnerability – Is a weakness which can be exploited by a threat to gain unauthorized access to or perform unauthorized actions on a computer system.

Incident– Is an event that may indicate that an organization’s systems or data have been compromised or that measures put in place to protect them have failed.

Risk mapping – Is identifying the risks associated with an organization, project or other system in a way which enables an organization to understand the risk better.

Threat hunting – The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Threat model – Threat modeling is a process of identifying potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, through which risks can be enumerated, and mitigations can be prioritized.

Security policy – A Security Policy lays out the rules and procedures for all individuals accessing and using organizational IT assets and resources.

Ransom-ware – This is a form of malware (malicious software) that attempts to encrypt (scramble) your data and then extort a ransom to release an unlock code to regain access your computer system.

Risk impact – An estimate of the potential losses associated with an identified risk. standard risk analysis practice to develop an estimate of probability and impact.