Chapter 16. Information Security Governance

Executive summary

The availability, integrity and confidentiality of its data are fundamental to the long-term survival of any 21st-century organization. Unless the organization takes a top-down, comprehensive and systematic approach to protecting its information, it will be vulnerable to the wide range of threats identified in this book. These threats are a ‘clear and present danger’ to organizations of all sizes and in all sectors; responsibility for information risk management, for ensuring that the organization appropriately defends its information assets, can no longer be abdicated or palmed off on the Head of IT. The board has to take action. It’s a part – and a very key part – of the board’s governance ...
