CHAPTER 2: GETTING YOUR RISK PROFILE RIGHT

The best breach is, of course, the one that never happens. In order to achieve that, it is of paramount importance to get one’s risk profile right and to fully and thoroughly understand the risk situation of the company. The word ‘situation’ includes knowledge about threats, vulnerabilities, potential damage, likelihoods, business options for treatment and acceptable losses, all under the circumstances and business environment the company operates in for all its branches, subsidiaries and locations.

We will describe two ways of understanding one’s risk profile: a rather intuitive one, to serve as a starting point yielding reasonable results, and a more extensive one, including all necessary parameters ...

Get Managing Information Security: Studies from real life now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.