FURTHER READING – Managing Information Risk: A Director's Guide

FURTHER READING

An Introduction to Information System Risk Management, SANS Institute, InfoSec Reading Room, www.sans.org/reading_room/whitepapers/auditing/an_introduction_to_information_system_risk_management_1204.

A Practical Approach to Managing Information System Risk, Tom Olzak, http://it.toolbox.com/blogs/adventuresinsecurity/a-practical-approach-to-managing-information-systemrisk-22212.

BS31100:2008 Risk Management. Code of Practice, www.bsigroup.com/, ISBN: 978 0 580 64908 0.

Guidance on the Department Information Risk Policy, the UK Cabinet Office, www.cabinetoffice.gov.uk/media/207099/guide_on_irp.pdf.

Internal Control: Revised Guidance for Directors on the Combined Code (Oct 2005) (the ‘Turnbull Guidance’), www.frc.org.uk/documents/pagemanager/frc/Revised%20Turnbull%20Guidance%20October%202005.pdf.

ISO/IEC 27005:2008, www.iso.org/iso/catalogue_detail?csnumber=42107.

Managing Information Risk report, prepared by The National Archives, www.coal.gov.uk/media/A3D/15/Information_and_Risk.pdf.

National Institute of Standards and Technology, Special Publication 800-30.

National Institute of Standards and Technology, Special Publication 800-39.

National Institute of Standards and Technology, Special Publication 800-53.

NHS Information Risk Management guidance, www.connectingforhealth.nhs.uk/systemsandservices/infogov/security/risk/inforiskmgtgpg.pdf.