Information Security is the board's responsibility – read this book before you get into trouble!
Information risk is endemic in any modern organisation. From the potential for losing sensitive information to a full-system crash that incapacitates the company, the consequences can be disastrous. Information risk management is a method of assessing information threats and taking actions to minimise the chances of risks becoming a reality. With properly implemented security controls based on risk assessment, you could stop your company from having to suffer huge financial or reputational fallout.
This pocket guide addresses the scope of risks involved in a modern IT system, and outlines strategies for working through the process of putting risk management at the heart of your corporate culture. The guide draws on the work of the US National Institute of Standards and Technology, together with UK government white papers and interviews with board-level risk management practitioners.
Benefits to business include:
- Learn how to conduct a risk assessment A risk assessment is essential to forming a clearer picture of how internal and external threats could impact on your organisation
- Understand the requirements of a risk governance framework Under UK government guidance, directors need to put in place arrangements within their company for managing information risk and to assign responsibilities to their staff. This pocket guide sets out the most important elements of any information risk governance framework
- Make better informed risk management decisions The pocket guide suggests a plan for choosing and implementing security controls, based on the idea that the greatest risks are the ones that should be targeted first.
- Find out how to handle third party security Third party security is almost as important as your own, and more difficult to control. This pocket guide contains advice on how to minimise the risk of third party data loss, and suggests ways to prevent your information security from being compromised through the supply chain.
Help your organisation to manage information risk effectively... buy this pocket guide today!"
Table of Contents
- ABOUT THE AUTHOR
- CHAPTER 1: MANAGING RISK
- CHAPTER 2: INFORMATION RISK POLICY
- CHAPTER 3: THE RISKS
- CHAPTER 4: RISK MANAGEMENT FRAMEWORK
- CHAPTER 5: RISK ASSESSMENT
- CHAPTER 6: RISK MITIGATION STRATEGY
- CHAPTER 7: CONTROLS
- CHAPTER 8: INTERACTING WITH PARTNERS AND SUPPLIERS
- CHAPTER 9: STANDARDS
APPENDIX 1: CHECKLIST FOR DIRECTORS
- Have we assessed the importance of information to our business?
- Have we assessed our information risks?
- Do we have a plan for managing these risks?
- Do all staff understand their roles and responsibilities in managing these risks?
- Does my organisation have the right skills and technical capabilities to manage these risks?
- Is management of information embedded in my business processes?
- APPENDIX 2: ESTABLISHING AN INFORMATION RISK TSAR
- FURTHER READING
- ITG RESOURCES
- Title: Managing Information Risk: A Director's Guide
- Release date: July 2009
- Publisher(s): IT Governance Publishing
- ISBN: 9781849281331