This document discusses information security threats facing organizations. It begins by defining security as freedom from risk or danger and the application of safeguards to prevent loss. It then discusses the types of threats including hackers, vandals, insiders, and espionage. It emphasizes the importance of knowing potential enemies and one's own weaknesses. Emerging threats discussed include social engineering, wireless networks, and lack of security on many wireless access points. The document stresses taking a defense-in-depth approach using administrative, physical, and technical controls to mitigate risks.