With TJX's costs coming in somewhere south of $300 million (not $4.5 billion, apparently) and Verus going out of business due to breaches, it might be a good time to review our priors and risk.
- Large public B2C companies don’t seem to be as “worst case” as we thought (or as some would like).
- B2B plays, especially small niche players, are almost certain to be significantly impacted.
It is always good to do both worst-case and probable loss magnitude analysis when performing FAIR analysis. Do arm your data owners with both sets of information.
(via RiskAnalys.is)
August 16, 2007, 10:45am