CHAPTER 1: WHY RISK DOES NOT DEPEND ON COMPANY SIZE

What is the real worth of the USB stick you just bought for £15? After a year, if you included it as a short-term cost item in your accounts, it would not be worth anything. On the other hand, if it contained all the latest data of your research project which was bound to pay off in a couple of years, then it would be worth pretty close to infinity or, at least, the future of your company.

It is not easy to define risk or what taking a risk really means. Sometimes people try to use probabilities and ALEs (Annual Loss Expectancy); sometimes damage or the propagation of damage along a business process is included; sometimes risk is described as a vector of vulnerabilities and threats (which ...

Get Managing Information Security Breaches: Studies from Real Life now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.