Increasingly, organisations rely on information for their day-to-day operations, and the loss or unavailability of information can mean the difference between success and ruin. Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.
Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management.
Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.
Preface
Definitions, Standards and Glossary of Terms
1. The need for information risk management
2. Review of information security fundamentals
3. The information risk management programme
4. Risk identification
5. Threat and vulnerability assessment
6. Risk analysis and risk evaluation
7. Risk treatment
8. Risk reporting and presentation
9. Communication, consultation, monitoring and review
10. The CESG IA Certification scheme
11. HMG Security-related documents
12. Appendix A – Taxonomies and descriptions
13. Appendix B – Typical threats and hazards
14. Appendix C – Typical vulnerabilities
15. Appendix D – Information Risk Controls
16. Appendix E – Methodologies, guidelines and tools
17. Appendix F - Templates
18. Appendix G – HMG cyber security guidelines
19. References and further reading