CHAPTER 4: INFORMATION RISKS AND FRAMEWORKS
So far we have considered the nature of risk and how it impacts organisations. As information is a key asset of an organisation, a significant area of investment, and one with specific risk implications, it should be high on the agenda of most organisations. Much mystique has arisen around IT assurance because of its technical nature – however, the basic principles are the same as for any other risk impacting the entity. In this chapter we will consider:
• What is information risk?
• The frameworks to help analyse and manage risk: