Information risk management and information assurance
- Risk modification: We introduce, remove or modify risk controls* to bring the risk down to acceptable levels
* A control is something that we can do to affect the security properties of a particular object. For instance, we could add a rule to the firewall or introduce stronger password requirements.
- Risk retention: If the risk is already below acceptable levels, there is no need to do anything else
- Risk avoidance: Don’t do the thing that causes the risk
- Risk sharing: Employ a third party to help deal with the risk, for example, employ another organisation to filter email
Information assurance and information security compliance
Information assurance and information security compliance often require more active auditing of the IT system. From a technical perspective, this can include conducting pen tests on our own systems. These are often the easiest to do but may not give much in the way of information. To obtain the full picture, it’s necessary to review, or have reviewed, our compliance and assurance policies and processes to ensure that they are fit for purpose and fulfilling organisational needs. Ideally, this should be part of an ongoing programme of improvement.
Reference
BSI (2018) ISO/IEC 27005:2018 Information Technology. Security Techniques. Information Security Risk Management. [online] available from https://bsol.bsigroup.com/Bibliographic/BibliographicInfoData/000000000030372032 [30 July 2019]