Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,970 --> 00:00:04,840 Time money and hours courses are precious to us. 2 00:00:04,930 --> 00:00:10,120 So we want to spend as little of our resources as possible on security. 3 00:00:10,120 --> 00:00:13,310 Security is not the end goal. 4 00:00:13,360 --> 00:00:17,570 The goal is to be getting on with the things that we want to actually do. 5 00:00:17,590 --> 00:00:22,330 Maybe surfing the web or writing an email or running a business. 6 00:00:22,330 --> 00:00:27,040 Most organizations are not in the business of security. 7 00:00:27,040 --> 00:00:33,910 Security is simply an enabler to do business and to do the things that we want to do. 8 00:00:33,910 --> 00:00:37,110 We don't want to do security for the sake of it. 9 00:00:37,150 --> 00:00:42,250 We don't want to apply too much security or too little security. 10 00:00:42,250 --> 00:00:49,590 We want to optimize our use of our resources so they optimally protect our assets. 11 00:00:49,720 --> 00:00:56,620 I want you to get your best return on investment in terms of your resources when it comes to applying 12 00:00:56,620 --> 00:00:57,570 security. 13 00:00:57,790 --> 00:01:06,310 So the aim should be to protect what you value most and apply no security so that you can do the things 14 00:01:06,310 --> 00:01:08,720 that you want to do safely online. 15 00:01:08,740 --> 00:01:13,770 Also the business can function within acceptable levels of risk. 16 00:01:13,930 --> 00:01:20,020 So let's now do a simple thought experiment either for yourself personally. 17 00:01:20,020 --> 00:01:24,430 You can think about this for the thought experiment or you can think about maybe in the context of an 18 00:01:24,430 --> 00:01:31,380 organization or service or application we're going to think about in the context of this thing that 19 00:01:31,510 --> 00:01:38,650 you want to protect and sort of their files their e-mails their accounts and ask yourself what is most 20 00:01:38,650 --> 00:01:48,520 confidential What can you afford to lose what is irreplaceable what could cause the most damage what 21 00:01:48,520 --> 00:01:55,960 might impact your reputation we could think in terms of things like photos credit card details bank 22 00:01:55,960 --> 00:02:03,230 account details personal identifiable information PIII account information maybe social media linked 23 00:02:03,230 --> 00:02:11,380 teen Facebook Amazon PayPal your primary main e-mail accounts Bitcoin wallet and other cryptocurrency 24 00:02:11,380 --> 00:02:20,170 wallets cryptocurrency Exchange account details browser history secret or confidential files and data 25 00:02:20,260 --> 00:02:23,410 password information financial records. 26 00:02:23,410 --> 00:02:31,360 Think about if they were stolen destroyed or encrypted so that you couldn't use them or get access to 27 00:02:31,360 --> 00:02:39,490 them or may be placed on the Internet and revealed to everyone to see perhaps put in the hands of cyber 28 00:02:39,490 --> 00:02:44,230 criminals and the potential they have to do something with them. 29 00:02:44,230 --> 00:02:51,730 This thought experiment should start to guide you towards the things that are of most value to you or 30 00:02:51,730 --> 00:02:59,280 the organization or the object that you are considering in the security context to apply effective security. 31 00:02:59,380 --> 00:03:05,840 You must know what you value and how much you value it. 32 00:03:05,860 --> 00:03:09,970 You must understand the security objectives for that asset. 33 00:03:10,000 --> 00:03:12,950 For example do you not want it stolen. 34 00:03:12,970 --> 00:03:14,760 Do you not want it destroyed. 35 00:03:14,770 --> 00:03:17,440 Must it be available to you at all times. 36 00:03:17,530 --> 00:03:24,340 The things that we value we refer to them as your security assets the things that we value your assets 37 00:03:24,700 --> 00:03:31,420 as we go through the course you will apply security the assets that you value and you will concentrate 38 00:03:31,420 --> 00:03:38,370 your security efforts on the assets that you value the most and that are at the greatest risk. 39 00:03:38,460 --> 00:03:42,490 There's little point for example spending hours trying to back up files. 40 00:03:42,490 --> 00:03:52,060 You can replace and not taking special care of files that you cannot you want for example to apply maybe 41 00:03:52,150 --> 00:03:59,320 two factor authentication to accounts that you care about maybe not waste time with two factor authentication 42 00:03:59,620 --> 00:04:02,060 on accounts of a little value. 43 00:04:02,200 --> 00:04:05,620 So security has its context. 44 00:04:05,620 --> 00:04:11,680 If you have assets in your mind now that you're thinking about as we've gone through the thought experiment 45 00:04:11,710 --> 00:04:20,800 that you want to protect or considering protecting as a practical exercise right down those assets then 46 00:04:21,010 --> 00:04:28,000 as you go through the course think about how you protect them with the security controls we discussed 47 00:04:28,090 --> 00:04:35,050 or whether you can protect them with the security controls that we discuss and update your list as you 48 00:04:35,140 --> 00:04:36,910 go through the course. 5483