Total Information Risk Management

Book Description

How well does your organization manage the risks associated with information quality? Managing information risk is becoming a top priority on the organizational agenda. The increasing sophistication of IT capabilities along with the constantly changing dynamics of global competition are forcing businesses to make use of their information more effectively. Information is becoming a core resource and asset for all organizations; however, it also brings many potential risks to an organization, from strategic, operational, financial, compliance, and environmental to societal. If you continue to struggle to understand and measure how information and its quality affect your business, this book is for you. This reference is in direct response to the new challenges that all managers have to face. Our process helps your organization to understand the "pain points" regarding poor data and information quality so you can concentrate on problems that have a high impact on core business objectives. This book provides you with all the fundamental concepts, guidelines and tools to ensure core business information is identified, protected and used effectively, and it is written in language that is clear and easy to understand for non-technical managers.



  • Shows how to manage information risk using a holistic approach by examining information from all sources
  • Offers varied perspectives of an author team that brings together academics, practitioners and researchers (both technical and managerial) to provide a comprehensive guide
  • Provides real-life case studies with practical insight into the management of information risk and offers a basis for broader discussion among managers and practitioners

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. In praise of Total Information Risk Management: Maximizing the Value of Data and Information Assets
  7. Acknowledgments
  8. Foreword by Thomas C. Redman
  9. Foreword by John Ladley
  10. About the Authors
  11. Introduction
    1. What is Total Information Risk Management?
    2. Purpose of This Book
    3. Intended Audiences
    4. Structure of This Book
    5. How to Use This Book
    6. What is the Value of Reading This Book?
    7. Summary
  12. Part 1: Total Information Risk Management Background
    1. Chapter 1. Data and Information Assets
      1. Abstract
      2. What you will learn in this chapter
      3. Where Napoleon meets Michael Porter: data and information are assets
      4. How data and information have become the most important assets of the 21st century
      5. What are data and information assets?
      6. The analogy to traditional manufacturing: how raw data is transformed into information products
      7. Life cycle of data and information assets
      8. Quality of data and information assets
      9. How data and information assets influence organizational success
      10. Why we need better methods to understand and measure the impact of data and information quality
      11. References
    2. Chapter 2. Enterprise Information Management
      1. Abstract
      2. What you will learn in this chapter
      3. What is enterprise information management?
      4. Big data and how it requires new thinking in EIM
      5. Further challenges for EIM
      6. Summary
      7. References
    3. Chapter 3. How Data and Information Create Risk
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Introduction to the anatomy of information risks
      5. Sources of information risk
      6. Different ways to mitigate information risk
      7. The upside of information risk
      8. The case for quantifying information risk
      9. Why risk management becomes important for information management
      10. References
    4. Chapter 4. Introduction to Enterprise Risk Management
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. What is risk?
      5. What is Enterprise Risk Management?
      6. What is the generic risk management process?
      7. Assessment of risk
      8. Risk appetite and risk criteria
      9. Treatment of risk
      10. Chief risk officer
      11. Summary
      12. References
  13. Part 2: Total Information Risk Management Process
    1. Chapter 5. Overview of TIRM Process and Model
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. What does the word total stand for in TIRM?
      5. Stages of the TIRM process
      6. Communicate and consult
      7. Monitor and review
      8. TIRM model: Quantifying information risk
      9. Determining risk appetite for TIRM
      10. Summary
      11. References
    2. Chapter 6. TIRM Process Stage A: Establish the Context
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. TIRM project kickoff
      5. Step A1: Set the motivation, goals, initial scope, responsibilities, and context of the TIRM process
      6. Step A2: Establish the external environment
      7. Step A3: Analyze the organization
      8. Step A4: Identifying business objectives, measurement units, and risk criteria
      9. Step A.5: Understand the information environment
      10. Summary
      11. References
    3. Chapter 7. TIRM Process Stage B: Information Risk Assessment
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Step B1: Analyze tasks in each business process
      5. Step B2: Examine information needed for each task
      6. Step B3: Identify information quality problems during task execution
      7. Step B4: Identify consequences of information quality problems
      8. Step B5: Identify for each consequence the business objectives that are affected
      9. Step B6: Examine existing risk controls
      10. Step B7: Estimate likelihood and impact of each consequence
      11. Step B8: Refine numbers and verify results
      12. Step B9: Evaluate and rank information risks
      13. Summary
    4. Chapter 8. TIRM Process Stage C: Information Risk Treatment
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Step C1: Analyze causes of information quality problems
      5. Step C2: Identify and describe treatment options
      6. Step C3: Estimate costs, benefits, and risks of treatment options
      7. Step C4: Evaluate and select treatment options
      8. Step C5: Communicate the results to stakeholders
      9. Step C6: Develop information risk treatment plans
      10. Step C7: Implement information risk treatment plans
      11. Step C8: Verify effectiveness of information risk treatments
      12. Summary
      13. References
    5. Chapter 9. Integrating the TIRM Process within the Organization
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Roles and responsibilities for TIRM
      5. The relationship between TIRM and EIM
      6. TIRM integrated with ERM
      7. Summary
      8. References
    6. Chapter 10. TIRM Process Application Example
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Stage A: Establish the context
      5. Stage B: Information risk assessment
      6. Stage C: Information risk treatment
      7. Summary
  14. Part 3: Total Information Risk Management Techniques
    1. Chapter 11. Risk Assessment Techniques for TIRM
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Brainstorming
      5. Semi-structured and structured interviews
      6. Delphi method
      7. Checklists
      8. Monte Carlo simulation
      9. Risk indices
      10. Structured “what if” technique
      11. Scenario analysis
      12. FN curves
      13. Root cause analysis
      14. Failure mode effect and criticality analysis
      15. Fault-tree analysis
      16. Bow-tie diagrams
      17. Risk matrix
      18. Summary
    2. Chapter 12. Software Tools: Automated Methods for TIRM
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Automating the understanding the information environment step
      5. Identify information quality problems during task execution
      6. InfoRAS: A risk analysis tool covering stage B of TIRM
      7. Software tools for detecting and treating information risks
      8. Conclusion
      9. Reference
    3. Chapter 13. Establishing Organizational Support and Employee Engagement for TIRM
      1. Abstract
      2. What you will learn in this chapter
      3. Introduction
      4. Establish organizational support and changing organizational culture
      5. Employee engagement in TIRM
      6. Summary
      7. References
  15. Part 4: Conclusion
    1. Chapter 14. Conclusions and Outlook
  16. Index