O'Reilly logo

The Psychology of Information Security by Leron Zinatullin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 2: RISK MANAGEMENT

From the information security perspective, the people, processes and technology supporting the business are not bulletproof, and their vulnerabilities may be exploited. This scenario is called a threat, which has a certain impact on a company’s assets.

Impact = Vulnerability × Threat

Threats vary in probability and therefore the degree of impact. For example, in a company which handles customers’ personal data online, the probability of human error leading to disclosure of sensitive information might be greater and have a larger business impact than someone bringing down the website.

Additionally, the exploitation of a vulnerable critical system may have a greater impact than that of one used purely for archiving. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required