
Information Risk Management

A practitioner's guide

David Sutton (author)

UK Price: £27.99 EU Price: €34.99 ROW (USD) Price: $39.99 

BCS eBooks are available in a variety of formats, including Kindle, ePub and PDF.

ISBN: 9781780172651
Format: Paperback
Dimensions: 170 x 244 mm
Number of pages: 208
Publication date: 26 NOV 2014
Publisher: BCS, The Chartered Institute for IT

Increasingly, organisations rely on information for their day-to-day operations, and the loss or unavailability of information can mean the difference between success and ruin. Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.
David Sutton's career in IT spans nearly 50 years and includes voice and data networking, information security and critical information infrastructure protection. He delivers an annual lecture on business continuity at Royal Holloway, University of London, from which he holds an MSc in Information Security. He is also a co-author of Information Security Management Principles (2nd edition).
'Anyone wishing to become an InfoSec risk management practitioner MUST purchase this book. David has produced an extremely useful and readable book for those entering this discipline and indeed those practitioners wishing to have an invaluable reference resource sitting on their bookshelf. I highly recommend it.'
John Hughes, Member of the InfoSec Skills Faculty, Director, SecID Consultants

'Information is the 21st century’s new gold and protecting such a volatile asset is a tremendous challenge. This book provides many keys to understanding important concepts and possible approaches for mitigating the associated risks.'
Lionel Dupré, CISA, CISM, Networks and Information Security Expert at ENISA

'This book is well written and illustrated throughout, covering the subject area to a sufficient level of detail for both novices and experienced practitioners requiring a refresher. A very practical and complete guide to managing risks within an organisation.'
Mehmet Hurer, BSc MBCS CITP CEng


Definitions, Standards and Glossary of Terms

1. The need for information risk management

2. Review of information security fundamentals

3. The information risk management programme

4. Risk identification

5. Threat and vulnerability assessment

6. Risk analysis and risk evaluation

7. Risk treatment

8. Risk reporting and presentation

9. Communication, consultation, monitoring and review

10. The CESG IA Certification scheme

11. HMG Security-related documents

12. Appendix A – Taxonomies and descriptions

13. Appendix B – Typical threats and hazards

14. Appendix C – Typical vulnerabilities

15. Appendix D – Information Risk Controls

16. Appendix E – Methodologies, guidelines and tools

17. Appendix F – Templates

18. Appendix G – HMG cyber security guidelines

19. References and further reading
