Organisational information is an asset and therefore, by definition, someone outside the organisation will want it; if no-one wanted it, it wouldn’t be an asset. If it is to be useful to an organisation, information must:
• be available (to those who need to use it).
• be confidential (so that competitors can’t use it).
• have its integrity guaranteed (so that it can be relied upon).
Information risk arises from the threats—both external and internal—to the availability, confidentiality and integrity of the organisation’s information assets. Organisations must address direct risks to the availability, confidentiality and integrity of their information; they also need to address continuity risks ...