
The University of Sydney

Ten Deadly Sins of IS Security Management

4. Not realizing that an information security plan must be based on identified risks
- Addressing known threats and minimizing losses

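| Likelihood \ Consequences | 1. Insignificant | 2. Minor  | 3. Moderate | 4. Major | 5. Catastrophic |
|---------------------------|------------------|----------|-------------|----------|-----------------|
| A (almost certain)        | High             | High     | Extreme     | Extreme  | Extreme         |
| B (likely)                | Moderate         | High     | High        | Extreme  | Extreme         |
| C (moderate)              | Low              | Moderate | High        | Extreme  | Extreme         |
| D (unlikely)              | Low              | Low      | Moderate    | High     | Extreme         |
| E (rare)                  | Low              | Low      | Moderate    | High     | High            |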