Information Risk Management: A practitioner's guide, 2nd Edition

  • 3h 57m
  • David Sutton
  • BCS
  • 2021

Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.

About the Author

David Sutton's career in IT spans more than 50 years and includes voice and data networking, information security and critical information infrastructure protection. He has been a member of the BCS Professional Certification Information Security Panel since 2005 and has delivered lectures on information risk management and business continuity at the Royal Holloway University of London. He is the author of the BCS book 'Cyber Security' and co-author of 'Information Security Management Principles' and 'Data Governance'.

In this Book

  • Abbreviations
  • Preface
  • The Need for Information Risk Management
  • Review of Information Security Fundamentals
  • The Information Risk Management Programme
  • Risk Identification
  • Threat and Vulnerability Assessment
  • Risk Analysis and Risk Evaluation
  • Risk Treatment
  • Risk Reporting and Presentation
  • Communication, Consultation, Monitoring and Review
  • The NCSC Certified Professional Scheme
  • HMG Security-Related Documents
  • Appendix A – Taxonomies and Descriptions
  • Appendix B – Typical Threats and Hazards
  • Appendix C – Typical Vulnerabilities
  • Appendix D – Information Risk Controls
  • Appendix E – Methodologies, Guidelines and Tools
  • Appendix F – Templates
  • Appendix G – HMG Cybersecurity Guidelines
  • Appendix H – References and Further Reading
  • Appendix I – Definitions, Standards and Glossary of Terms