PREFACE – Managing Information Risk: A Director's Guide


Information risk is endemic in any modern organisation. From the potential for losing sensitive information to a full-system crash that incapacitates the company, the consequences can be disastrous.

Yet more than half of all companies have no formal risk management practices in place, meaning they are unable to be sure their systems are secure, reliable or resilient.

This pocket guide addresses the scope of risks involved in a modern IT system, and outlines strategies for working through the process of putting risk management at the heart of your corporate culture.

Given that no two companies are the same, this pocket guide should not be taken as a step-by-step guide, but should provide decision makers with a solid overview of the factors they need to consider and a framework for implementing a regime that suits their needs.

It provides a checklist of steps that companies need to take to safeguard against various threats, highlights potential vulnerabilities and lists methodologies for mitigating against the risks.

This pocket guide draws on previous works by senior security advisory bodies – in particular the US National Institute of Standards and Technology, which has produced numerous landmark ‘Special Publications’ on the subject, and various UK government guidelines drawn up in the wake of high-profile data breaches.

UK governmental and industry white papers were also consulted during research, including interviews with security analysts and board-level risk management practitioners.