CHAPTER 2: RISK MANAGEMENT
From the information security perspective, the people, processes and technology supporting the business are not bulletproof, and their vulnerabilities may be exploited. This scenario is called a threat, which has a certain impact on a company’s assets.
Impact = Vulnerability × Threat
Threats vary in probability and therefore the degree of impact. For example, in a company which handles customers’ personal data online, the probability of human error leading to disclosure of sensitive information might be greater and have a larger business impact than someone bringing down the website.
Additionally, the exploitation of a vulnerable critical system may have a greater impact than that of one used purely for archiving. ...
Get The Psychology of Information Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
