CHAPTER 6: INFORMATION AND CONTINUITY RISK
Organisational information is an asset and therefore, by definition, someone outside the organisation will want it; if no-one wanted it, it wouldn’t be an asset. If it is to be useful to an organisation, information must:
• be available (to those who need to use it).
• be confidential (so that competitors can’t use it).
• have its integrity guaranteed (so that it can be relied upon).
Information risk arises from the threats—both external and internal—to the availability, confidentiality and integrity of the organisation’s information assets. Organisations must address direct risks to the availability, confidentiality and integrity of their information; they also need to address continuity risks ...
Get IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.