This report quantifies the business risk of breakdowns in information security. It is based on the results of the ISF 1998 information security status survey – which led to a breakthrough in understanding why IT risk is so high. It describes what makes 'benchmark environments' differ from other environments and presents a model for driving down risks based on the security practices and procedures applied to benchmark environments. The experience of the off-shore oil industry is also featured. Guidance on how the model can be applied in is provided.