CHAPTER 2: INFORMATION RISK POLICY

As a priority, directors should draw up an information risk policy to help steer the organisation, key security staff and information owners towards a more secure landscape. There is a ‘Checklist for Directors’ drawn up by the National Archives in Appendix 1 highlighting the various areas for consideration.

In March 2009, the UK government published its Guidance on the Department Information Risk Policy based on generic guidance set out by CESG and published in ISO27002. The paper states that the foundations for good information risk management lie in forward planning, and management should expect at least the following criteria to be included in an information risk policy:

• A definition of information risk ...
