Information security risk management guide

The following Risk & Compliance practice note provides comprehensive and up to date legal information covering:

  • Information security risk management guide
  • Why you need to manage this risk
  • Top five priorities
  • 1. Information mapping
  • Information mapping—action list
  • 2. Information risk assessment
  • Information risk assessment—action list
  • 3. Information security systems and controls
  • Information security systems and controls—action list
  • 4. Policies and procedures

Information security risk management guide

Why you need to manage this risk

Information is an asset. Preserving and protecting that asset is critical to the commercial success of any organisation.

All businesses rely on technology to store and process information. You cannot, however, assume that deploying sophisticated information technology (IT) systems will make your business impregnable. Cyber criminals are equally, if not more, sophisticated, and you must never overlook the human factor—your own staff can inadvertently or maliciously expose the organisation to loss of information or cyber attack.

This risk management guide acknowledges that most in-house lawyers and compliance professionals are not information security experts, nor are they responsible for information security within their organisation. This responsibility is likely to rest with the IT department. However, in the event that an information security breach occurs, it is inevitably the in-house legal department and/or compliance team that have to deal with the legal implications.

For this reason and, as a general matter of good risk management, it is important for in-house lawyers and compliance professionals to understand where the greatest information risks lie and be able to have an informed conversation with the IT department about whether those risks are adequately managed.

Top five priorities

The table below identifies five key priorities for data protection risk management and gives the heads-up on why each one is a priority area.

Each priority is then
