It is best practice for an organisation to apply the same degree of rigour to assessing the risks to its information assets as it would to legal, regulatory, financial or operational risk. This can be achieved by embedding an information risk management regime across the organisation, which is actively supported by the Board, senior managers and an empowered Information Assurance (IA) governance structure.

Open Publication