CHAPTER 1: MANAGING RISK

The key to managing risk is understanding that, whatever security controls your organisation puts in place, some level of risk is inevitable. The following chapters help identify, evaluate and quantify the risks, but at every stage of the risk assessment and control framework, managers need to consider just what level of risk is acceptable for any given threat. Given the potential costs of an IT systems security breach, assessing ‘risk tolerance’ is a board-level consideration.

After each threat and risk is assessed and the cost-benefits of mitigating a risk have been established, directors need to decide how to treat residual risk. The key question directors need to ask themselves is: ‘Should we mitigate, transfer, ...

Get Managing Information Risk: A Director's Guide now with the O’Reilly learning platform.