Managing Information Risk
A Director's Guide
Elsewhere $42.95 $23.68 Save $19.27 (45%)
Free shipping Australia wide
Order Now for Christmas with e-Gift
|Format: ||Paperback, 74 pages|
|Published In: ||United Kingdom, 28 July 2009|
Information risk is endemic in any modern organisation. From the potential for losing sensitive information to a full-system crash that incapacitates the company, the consequences can be disastrous. Yet more than half of all companies have no formal risk management practices in place, meaning they are unable to be sure their systems are secure, reliable or resilient. This pocket guide addresses the scope of risks involved in a modern IT system, and outlines strategies for working through the process of putting risk management at the heart of your corporate culture. Given that no two companies are the same, this pocket guide should not be taken as a step-by-step guide, but should provide decision makers with a solid overview of the factors they need to consider and a framework for implementing a regime that suits their needs. It provides a checklist of steps that companies need to take to safeguard against various threats, highlights potential vulnerabilities and lists methodologies for mitigating against the risks. This pocket guide draws on previous works by senior security advisory bodies - in particular the US National Institute of Standards and Technology, which has produced numerous landmark 'Special Publications' on the subject, and various UK government guidelines drawn up in the wake of high-profile data breaches. UK governmental and industry white papers were also consulted during research, including interviews with security analysts and board-level risk management practitioners.
Table of Contents
Introduction 1 Chapter 1: Managing Risk 5 Reduce/Mitigate/Control 6 Transferring risk 7 Avoid 8 Accept 9 Chapter 2: Information Risk Policy 11 Chapter 3: The Risks 13 Accidental disclosure 13 Theft of hardware or data 14 Acts of nature 14 Alteration of software 14 Redundant media 15 System configuration error 15 Suppliers and partners 15 Critical information is wrongly destroyed 16 Poor data input 16 Critical information is lost 16 Wasted assets 16 Failure to make information available 17 Chapter 4: Risk Management Framework 19 Chapter 5: Risk Assessment 23 System characterisation 23 Identify threats 24 Identify vulnerabilities 26 Control analysis 27 Likelihood determination 27 Impact analysis 28 Risk determination 29 Control recommendations 29 Documentation 30 Chapter 6: Risk Mitigation Strategy 31 Seven-stage plan 32 Chapter 7: Controls 35 Chapter 8: Interacting with Partners and Suppliers 37 Chapter 9: Standards 41 Appendix 1: Checklist for Directors 43 Appendix 2: Establishing an Information Risk Tsar 47 Further Reading 49 ITG Resources 51
About the Author
Stewart Mitchell has been an IT journalist for more than 10 years, working across a number of publications including The Sunday Times and specialist magazines such as PC Pro, Computer Shopper and PC Advisor. He has run his own internet-based business for the last four years and regularly meets with IT business leaders. Recent work has focused on the work of security professionals and the challenges they face in an ever-evolving digital world. Stewart's other best-selling pocket guides for IT Governance include Managing IT in a Downturn and How to Survive a Data Breach.
IT Governance Publishing|
16.5 x 9.5 x 0.5 centimetres (0.06 kg)|
15+ years |