Every organization should understand their own unique risk profile based on the impact to their organization of a breach, the vulnerabilities that exist within their unique portfolio of information assets and all reasonable threats that might exploit those vulnerabilities including insider threats.
