Chapter 6. Information Risk in Large Organizations
Executive summary
The information security risks and regulatory pressures faced by larger organizations are of a different league to those faced by smaller ones. Both the threats and the vulnerabilities are significantly different and, as a result, larger organizations suffer more security incidents than the average: ISBS 2004, for instance, reported that 94% of large companies had experienced an information security breach, compared to an overall rate of 74%.
Threats to larger organizations
The threats, both external and internal, are more significant, and this reflects the perceived depth, quantity and value of the larger organization’s information assets, its reputation and profile, and the number ...
Get The Case for ISO 27001 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.