August 3, 2009 Significant Impact Calculation in Business Risk My colleague Gary Hinson made the following observation on the ISO 27001 list in August: There are numerous assumptions and estimations in the risk…