Every organisation faces a range of threats including information risks. From healthcare providers to multinational companies, all organisations are seeking to deliver value, vision and objectives in the face of threats and risks.
Information is a key asset for any organisation but is itself loaded with potential risk, threat and opportunity. The potential for loss, destruction or theft of key business information can lead to significant damage to even the largest global organisation. By contrast, the protection of key information, such as new designs, can allow an organisation to innovate and take positive risks to increase business.
The strategic, operational and financial risks arising from myriad information management programmes are significant and often poorly managed. In these straitened times how can organisations adapt to an array of information risks that could impact on them, ultimately leading to a firm’s demise? Should firms risk cuts now to survive over the longer term?
This report focuses on how to integrate an information risk management approach with corporate information and knowledge strategies to reduce costs and deliver value. It draws on leading practices adopted by a variety of public and private sector organisations and includes comparative analysis of best practices.
This publication shows information professionals how to develop risk strategies that integrate planning and policy making to manage and mitigate risks arising from legal compliance, technology projects and change initiatives.
This report provides an overview of key concepts and techniques for improving the management of information risks. It also shows how to integrate information risk planning into policy and performance management.
Chapter 1: Information risk management – Key concepts and issues
Chapter 2: An introduction to the IRM improvement techniques
Chapter 3: Technique one – Information risk scanning
Chapter 4: Technique two – Information risk management assessment
Chapter 5: Technique three – Information and intelligence development
Chapter 6: Technique four – Defining the value of information
Chapter 7: Technique five – Improving information risk governance and assurance
Chapter 8: Information risk management – The integrated framework
Case study 1: Global pharmaceutical company – Adopting innovative digitisation strategies to deliver cost savings
Case study 2: Eight lessons in information risk, innovation and learning from technology strategists
Case study 3: UK local government – Improving information risk governance and performance
Case study 4: UK police force – Information risk and intelligence scanning
Case study 5: UK health sector – Introducing information tools to capture corporate memory
Appendix 1: Information risk and control assessment tool
Appendix 2: Information risk matrix
Appendix 3: Sample information risk management policy