Information Risk Management: Valuing, Protecting and Leveraging Business Information

A step-by-step guide to implementing an information risk management framework that will allow your organisation to maintain its information securely while also reaping greater value from it



  • Publication date: June, 2010
  • Pages: 108
  • ISBN: 9781906355852


Every organisation faces a range of threats including information risks. From healthcare providers to multinational companies, all organisations are seeking to deliver value, vision and objectives in the face of threats and risks.

Information is a key asset for any organisation but is itself loaded with potential risk, threat and opportunity. The potential for loss, destruction or theft of key business information can lead to significant damage to even the largest global organisation. By contrast, the protection of key information, such as new designs, can allow an organisation to innovate and take positive risks to increase business.

The strategic, operational and financial risks arising from myriad information management programmes are significant and often poorly managed. In these straitened times how can organisations adapt to an array of information risks that could impact on them, ultimately leading to a firm’s demise? Should firms risk cuts now to survive over the longer term?

This report focuses on how to integrate an information risk management approach with corporate information and knowledge strategies to reduce costs and deliver value. It draws on leading practices adopted by a variety of public and private sector organisations and includes comparative analysis of best practices.

This publication shows information professionals how to develop risk strategies that integrate planning and policy making to manage and mitigate risks arising from legal compliance, technology projects and change initiatives.

This report provides an overview of key concepts and techniques for improving the management of information risks. It also shows how to integrate information risk planning into policy and performance management.


Chapter 1: Information risk management – Key concepts and issues

Chapter 2: An introduction to the IRM improvement techniques

Chapter 3: Technique one – Information risk scanning

Chapter 4: Technique two – Information risk management assessment

Chapter 5: Technique three – Information and intelligence development

Chapter 6: Technique four – Defining the value of information

Chapter 7: Technique five – Improving information risk governance and assurance

Chapter 8: Information risk management – The integrated framework

Case study 1: Global pharmaceutical company – Adopting innovative digitisation strategies to deliver cost savings

Case study 2: Eight lessons in information risk, innovation and learning from technology strategists

Case study 3: UK local government – Improving information risk governance and performance

Case study 4: UK police force – Information risk and intelligence scanning

Case study 5: UK health sector – Introducing information tools to capture corporate memory

Appendix 1: Information risk and control assessment tool

Appendix 2: Information risk matrix

Appendix 3: Sample information risk management policy



Robin Smith
Robin Smith is currently head of information governance for Northampton General Hospital. He has worked extensively in the UK police service as a senior information management change manager. He is an established writer, master class leader and lecturer in the development of the open information society and creator of the information risk and intelligence model (IRIM). He is currently completing his PhD in Information Risk Management following his innovative studies of the global banking crisis. Robin was formerly marketing director of the Information & Records Management Society UK and will shortly publish his new book, Blackout: The Coming Collapse of the Digital Society. He is available for contact via email.
