CHAPTER 4: INFORMATION RISKS AND FRAMEWORKS
Overview
So far we have considered the nature of risk and how it impacts organisations. As information is a key asset of an organisation, a significant area of investment, and one with specific risk implications, it should be high on the agenda of most organisations. Much mystique has arisen around IT assurance because of its technical nature – however, the basic principles are the same as for any other risk impacting the entity. In this chapter we will consider:
• What is information risk?
• The frameworks to help analyse and manage risk:
COBIT 5
ISO standards
CRAMM.
• Summary
Management ...
Get Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.