PART 1 – GENERAL

CHAPTER 1: WHY RISK DOES NOT DEPEND ON COMPANY SIZE

What is the real worth of the USB stick you just bought for £15? After a year, if you included it as a short-term cost item in your accounts, it would not be worth anything. On the other hand, if it contained all the latest data of your research project which was bound to pay off in a couple of years, then it would be worth pretty close to infinity or, at least, the future of your company.

It is not easy to define risk or what taking a risk really means. Sometimes people try to use probabilities and ALEs (Annual Loss Expectancy); sometimes damage or the propagation of damage along a business process is included; sometimes risk is described as a vector of vulnerabilities and ...

Get Managing Information Security: Studies from real life now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.