Risk management in information security

Information security risk management is the process of identifying vulnerabilities to your information assets that could impact their confidentiality, integrity or availability along with the threats that could exploit those vulnerabilities – together these define the risk.  The next step is to evaluate the risk to determine its severity, usually by considering the impact if…

Read more

Information Assets – what are they and why should I care?

Information security is all about ensuring the availbility, confidentiality and integrity of information assets (the CIA triad), however many organisations attempt the risk assessment phase of an information security programme without having clear visibility of what their information assets are or perhaps they are aware of some but haven’t prioritised nor modelled the threats against…

Read more