3. Risk Analysis Linked to Network Attacks

3.1. Introduction

Securing enterprise information systems (IS) is a vital, complex and difficult task to undertake. Some IS threats, if they materialize, can be fatal for a company. These threats aim to alter one of the key security attributes: integrity, authenticity, availability and confidentiality. Put more simply, they can undermine the availability of systems and data, destroy data, corrupt or falsify data, steal or spy on confidential data, misuse the system or network, or use the compromised system to attack other targets.

Threats can have impacts that generate different costs for the company: human, technical and financial. Examples of impacts include loss of confidentiality of sensitive data, unavailability of infrastructure and data, damage to intellectual property, loss of reputation, etc. The risks of such threats can materialize if the IS and the networks that support them are vulnerable. Generally, the risk can be described by a function with two parameters: probability of occurrence (likelihood) and threat impact. A widely used function is the product of Impact and Occurrence Probability: Risk = Impact × Occurrence Probability.

Enterprise IS security is increasingly being addressed using risk-based approaches. These approaches can significantly reduce the impact of threats due to IS vulnerabilities. IS security and risk analysis have been the subject of several standards summarized below (Bloch
