Information Risk Management
A practitioner's guide - Second edition
2nd Edition
Published on 27. September 2021
274 pages
978-1-78017-575-1 (ISBN)
Description
Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.
Reviews / Votes
Information risk management is an integral part of every business and the author presents its lifecycle in an easy-to-follow and well-organised format with real-life examples, tools and templates. I highly recommend the book also as a valuable reference for legislation, standards, methodologies and frameworks for risk professionals to follow. -- Sema Yuce CISM CRISC CISA, Director at Truth ISC Technology and Security Consultancy Ltd. This book is essential reading for any risk management practitioner. The author's many years of practical experience in the subject shine through, it is clearly written and easy to follow. The book sets out the best approach when identifying and evaluating risk and the factors to consider when treating it in a pragmatic way. The examples give context and aid understanding and the appendices are comprehensive and a go-to source of useful information on risk. Highly recommended, this will be on my bookshelf. -- David Alexander, Information Security Group, Royal Holloway, University of London This book should be mandatory reading within any business to understand the scale and scope of the landscape within which their information security and assurance professionals need to operate. -- Andrea Simmons PhD FBCS CITP CISM CISSP MA CIPP/E CIPMMore details
Edition
2nd edition
Language
English
Place of publication
Swindon
United Kingdom
Publishing group
BCS Learning & Development Limited
Target group
Professional and scholarly
Product notice
Reflowable
File size
20,73 MB
ISBN-13
978-1-78017-575-1 (9781780175751)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Previous edition
Book
11/2014
BCS, The Chartered Institute for IT
€63.32
Article exhausted; check for reprint
Person
David Sutton's career in IT spans more than 50 years and includes voice and data networking, information security and critical information infrastructure protection. He has been a member of the BCS Professional Certification Information Security Panel since 2005 and has delivered lectures on information risk management and business continuity at the Royal Holloway University of London. He is the author of BCS book 'Cyber Security' and co-author of 'Information Security Management Principles' and 'Data Governance.'
Content
1. The need for information risk management
2. Review of information security fundamentals
3. The information risk management programme
4. Risk identification
5. Threat and vulnerability assessment
6. Risk analysis and risk evaluation
7. Risk treatment
8. Risk reporting and presentation
9. Communication, consultation, monitoring and review
10. The NCSC Certified Certification scheme
11. HMG Security-related documents
12. Appendix A - Taxonomies and descriptions
13. Appendix B - Typical threats and hazards
14. Appendix C - Typical vulnerabilities
15. Appendix D - Information Risk Controls
16. Appendix E - Methodologies, guidelines and tools
17. Appendix F - Templates
18. Appendix G - HMG cyber security guidelines
19. References and further reading
2. Review of information security fundamentals
3. The information risk management programme
4. Risk identification
5. Threat and vulnerability assessment
6. Risk analysis and risk evaluation
7. Risk treatment
8. Risk reporting and presentation
9. Communication, consultation, monitoring and review
10. The NCSC Certified Certification scheme
11. HMG Security-related documents
12. Appendix A - Taxonomies and descriptions
13. Appendix B - Typical threats and hazards
14. Appendix C - Typical vulnerabilities
15. Appendix D - Information Risk Controls
16. Appendix E - Methodologies, guidelines and tools
17. Appendix F - Templates
18. Appendix G - HMG cyber security guidelines
19. References and further reading
