Herd immunity (or community immunity) describes a form of immunity that occurs when the vaccination of a significant portion of a population (or herd) provides a measure of protection for individuals who have not developed immunity. Is this a useful concept for Risk Analysis in Information Security? Where does this concept fail to address important issues in Information Security?