Information Risk Management

Information Risk Management follows information as it is created, distributed, stored, copied, transformed and interacted with…throughout its lifecycle.

Information-centric approach

         Begin by understanding what information is critical to key business initiatives, such as growth through acquisitions or expanding partnerships. Then diligently ‘follow the data’ to gain a more holistic view of all the places where it exists across the organization, where the points of vulnerability are, and what events could put your business at risk.”
 

Risk/Reward analysis

         Security investments should be prioritized, based on the amount of risk a given activity entails relative to the potential business reward, and in keeping with the organization’s appetite for risk.

Ensuring repeatability

         Once enterprise information has been located and a risk assessment performed, the next step is to implement controls — including policies, technologies, and tools — to mitigate that risk. Here, organizations often turn to frameworks like ISO 27002 and the PCI Data Security Standard.

Be the first to comment

Leave a Reply

Alamat email Anda tidak akan dipublikasikan.


*


Blue Captcha Image

*