The best breach is, of course, the one that never happens. In order to achieve that, it is of paramount importance to get one’s risk profile right and to fully and thoroughly understand the risk situation of the company. The word ‘situation’ includes knowledge about threats, vulnerabilities, potential damage, likelihoods, business options for treatment and acceptable losses, all under the circumstances and business environment the company operates in for all its branches, subsidiaries and locations.

We will describe two ways of understanding one’s risk profile: a rather intuitive one, to serve as a starting point yielding reasonable results, and a more extensive one, including all necessary parameters ...

Get Managing Information Security: Studies from real life now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.