
Managing Information Risk: A Director's Guide by Stewart Mitchell


CHAPTER 1: MANAGING RISK

The key to managing risk is understanding that, whatever security controls your organisation puts in place, some level of risk is inevitable. The following chapters help identify, evaluate and quantify the risks, but at all stages of the risk assessment and control framework, managers need to consider just what level of risk is acceptable for any given threat. Given the potential costs of an IT systems security breach, assessing ‘risk tolerance’ is a board-level consideration.

After each threat and risk is assessed and the cost-benefits of mitigating a risk have been established, directors need to decide how to treat residual risk. The key question directors need to ask themselves is: ‘Should we mitigate, transfer, ...
