Managing Information Risk : A Director's Guide - Stewart Mitchell

Paperback Published: 28th July 2009
ISBN: 9781849280181
Number Of Pages: 58


Learn to manage risks to the information resources in your organisation. Information risk comes with any modern management system. From the potential for losing sensitive data to a full-system crash that incapacitates the company, the consequences can be disastrous. Information risk management is a method of assessing information threats and taking actions to minimise the chances of risks becoming a reality. With properly implemented security controls based on risk assessment, you could stop your company from having to suffer huge financial or reputational fallout.

This pocket guide addresses the scope of risks involved in a modern IT system, and outlines strategies for working through the process of putting risk management at the heart of your corporate culture. The guide draws on the work of the US National Institute of Standards and Technology, together with UK government white papers and interviews with board-level risk management practitioners.

Benefits to business include:

- Learn how to conduct a risk assessment. A risk assessment is essential to forming a clearer picture of how internal and external threats could impact on your organisation.
- Understand the requirements of a risk governance framework. Under UK government guidance, directors need to put in place arrangements within their company for managing information risk and to assign responsibilities to their staff. This pocket guide sets out the most important elements of any information risk governance framework.
- Make better informed risk management decisions. The pocket guide suggests a plan for choosing and implementing security controls, based on the idea that the greatest risks are the ones that should be targeted first.
- Find out how to handle third party security. Third party security is almost as important as your own, and more difficult to control. This pocket guide contains advice on how to minimise the risk of third party data loss, and suggests ways to prevent your information security from being compromised through the supply chain.

Buy this book and help your organisation manage information risk!

Contents:

- Introduction
- Chapter 1: Managing Risk
  - Reduce/Mitigate/Control
  - Transferring risk
  - Avoid
  - Accept
- Chapter 2: Information Risk Policy
- Chapter 3: The Risks
  - Accidental disclosure
  - Theft of hardware or data
  - Acts of nature
  - Alteration of software
  - Redundant media
  - System configuration error
  - Suppliers and partners
  - Critical information is wrongly destroyed
  - Poor data input
  - Critical information is lost
  - Wasted assets
  - Failure to make information available
- Chapter 4: Risk Management Framework
- Chapter 5: Risk Assessment
  - System characterisation
  - Identify threats
  - Identify vulnerabilities
  - Control analysis
  - Likelihood determination
  - Impact analysis
  - Risk determination
  - Control recommendations
  - Documentation
- Chapter 6: Risk Mitigation Strategy
  - Seven-stage plan
- Chapter 7: Controls
- Chapter 8: Interacting with Partners and Suppliers
- Chapter 9: Standards
- Appendix 1: Checklist for Directors
- Appendix 2: Establishing an Information Risk Tsar
- Further Reading
- ITG Resources

ISBN-10: 1849280185
Audience: General
Format: Paperback
Language: English
Publisher: IT Governance Publishing
Country of Publication: GB
Dimensions (cm): 17.78 x 11.1 x 0.31
Weight (kg): 0.05