Information Risk Management

A practitioner's guide

By (author) David Sutton

Publication date:

27 September 2021

Length of book:

274 pages

Publisher

BCS, The Chartered Institute for IT

Dimensions:

244x170mm
7x10"

ISBN-13: 9781780175720

Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.

1. The need for information risk management

2. Review of information security fundamentals

3. The information risk management programme

4. Risk identification

5. Threat and vulnerability assessment

6. Risk analysis and risk evaluation

7. Risk treatment

8. Risk reporting and presentation

9. Communication, consultation, monitoring and review

10. The NCSC Certified Certification scheme

11. HMG Security-related documents

12. Appendix A – Taxonomies and descriptions

13. Appendix B – Typical threats and hazards

14. Appendix C – Typical vulnerabilities

15. Appendix D – Information Risk Controls

16. Appendix E – Methodologies, guidelines and tools

17. Appendix F - Templates

18. Appendix G – HMG cyber security guidelines

19. References and further reading

Information risk management is an integral part of every business and the author presents its lifecycle in an easy-to-follow and well-organised format with real-life examples, tools and templates. I highly recommend the book also as a valuable reference for legislation, standards, methodologies and frameworks for risk professionals to follow.