16 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
vulnerabilities of these various modems (preparation), and nally gaining access to
the organization’s systems through vulnerable modems. Systems targeted include
not only information systems but also environmental systems such as the High
Volume Air Conditioning (HVAC), security systems, and telephone systems (or
private branch exchanges—PBXs).
1.5 The Need for This Book
e proliferation of information security and privacy laws, not to mention lawsuits,
has mandated that businesses perform information security risk assessments. Five
to ten years ago, an analysis of the eectiveness of security controls was rarely per-
formed outside of government agencies and orga ...