Information Risk Management
A practitioner's guide
By (author) David Sutton
Publication date: 27 Sep 2021
Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.
Dimensions: 244x170mm
Print ISBN-13: 9781780175720
Ebook ISBN-13: 9781780175751
274 pages
Imprint: BCS, The Chartered Institute for IT
1. The need for information risk management
2. Review of information security fundamentals
3. The information risk management programme
4. Risk identification
5. Threat and vulnerability assessment
6. Risk analysis and risk evaluation
7. Risk treatment
8. Risk reporting and presentation
9. Communication, consultation, monitoring and review
10. The NCSC Certified Certification scheme
11. HMG Security-related documents
12. Appendix A – Taxonomies and descriptions
13. Appendix B – Typical threats and hazards
14. Appendix C – Typical vulnerabilities
15. Appendix D – Information Risk Controls
16. Appendix E – Methodologies, guidelines and tools
17. Appendix F – Templates
18. Appendix G – HMG cyber security guidelines
19. References and further reading
Sema Yuce CISM CRISC CISA, Director at Truth ISC Technology and Security Consultancy Ltd.
David Alexander, Information Security Group, Royal Holloway, University of London
Andrea Simmons PhD FBCS CITP CISM CISSP MA CIPP/E CIPM