Armed with an understanding of the risks and recommended controls, senior management will want to know when and how to take action; this comes down to prioritising the threats and assembling an arsenal of control weapons to make it harder for risk sources to attack a vulnerability. Some risks, where loss is too great to contemplate, require immediate remedial action, while others require turning existing measures up a notch, or ensuring existing policies are being followed.

Directors can protect their assets and themselves by choosing strong and relevant security controls for their information systems, and the first stop involves baseline controls. Baseline controls are the initial security controls recommended ...

Get Managing Information Risk: A Director's Guide now with the O’Reilly learning platform.
