Without policies and security-management controls in place, the organization is really saying that anything goes. That opens the organization to a host of risks, both internal and external. Examples of internal threats include leakage of sensitive data, theft, legal liability, and corruption of data. External threats include natural disasters, spyware, viruses, worms, and Trojan programs. This is by no means a complete list, but it should alert you to the many dangers that organizations face each day. Failure to deal with these threats can lead to loss of information assets, reduced profits, civil or criminal suits, or even the demise of the company.
The CISSP Cram Sheet
A Note from Series Editor Ed Tittel
About the Author
We Want to Hear from You!
The CISSP Certification Exam
Access-Control Systems and Methodology
System Architecture and Models
Telecommunications and Network Security
Applications and Systems-Development Security
Business Continuity Planning
Law, Investigations, and Ethics
Practice Exam 1
Answers to Practice Exam 1
Practice Exam 2
Answers to Practice Exam 2