Information Risk Management
Brittney Berry
Kris Collum
Jessica Grant
Outline
• Goal
• Ever-changing
• Resources
Who is involved in Information Risk Management?
• CISO, CPO, CPSO, CCPO
• Chief Information Risk Officer
• Risk Management Roles and Responsibilities
▫ BOD
▫ IT strategy committee
▫ CEO
▫ Business executives
▫ CIO
What are the risks?
• Investment or expense risk
• Access or security risk
• Integrity risk
• Relevance risk
• Availability risk
• Infrastructure risk
• Project ownership risk
What are the threats to risk management?
• Natural threats
• Human threats
• Environmental threats
Risk Mitigation Options
• Risk Assumption
• Risk Avoidance
• Risk Limitation
• Risk Planning
• Risk Transference
Sources
• IT Governance Institute. Information Risks: Whose Business Are They? 2008.