BCS publishes new IT risk management handbook
A single bad apple may or may not, as the saying goes, spoil the whole barrel. (Yes "barrel" is the original usage. It was the Osmonds who spoiled the whole "bunch.") If you apply that analogy to IT security, however, most organizations would probably rather stop eating apples altogether than risk testing the spoilage principle. On the other hand, you can't always just cut something out of your business operations because it makes you vulnerable. Businesses are frequently attacked through computerized credit card processing systems, but what are they going to do? Tell everyone to start paying with cash or check?
Knowing an organization's IT security risks and managing them effectively is no simple task. IT risk management is an increasingly important field, however, and at roughly the same time (last week) that The Santa Fe Group began to publicize its new certification for third party risk management professionals, British Computer Society officials were touting the release of a new handbook for risk management professionals to add to their toolboxes. The new 208-page volume, Information Risk Management: A Practitioner's Guide, is an official publication of the British Computer Society.
BCS officials are doing more to endorse the book, however, than simply sending it to the press. Information Risk Management: A Practitioner's Guide is required reading for any IT pros attempting to obtain a Practitioner Certificate in Information Risk Management, a special BCS credential. Among the topics covered are the importance of assessing and cataloging an organization's data assets, including making a determination of possible damage to the organization in the event that those data assets are compromised. The handbook also details IT threats and vulnerabilities and explains how to prioritize and counter those chinks in the organizational armor.
Information Risk Management: A Practitioner's Guide was written by David Sutton, a security professional who has been working in IT for more than 40 years. Sutton said in a press release announcing the new handbook's publication that risk management professionals have to protect against security risks in advance whenever possible, but must also know how to perform damage control and reestablish security after a breach has occurred. "We are dependent on information of all kinds and need to recognise the effects of it either being permanently lost or falling into the wrong hands," Sutton said. "Information risk management is about identifying, assessing and prioritizing risks to keep information secure and available."
Information Risk Management: A Practitioner's Guide is set to be published Dec. 1, but is available for preorder at the BCS Bookshop.