Introduction
The discipline of Information Risk Management (IRM) covers the management of risks relating to an organisation's information assets. Information assets are essentially all of the data that are owned or used by the organisation. Some of them may be created by the organisation itself, and some may come from elsewhere.
The process of managing risks includes key steps such as identifying information assets, evaluating their importance or value, and establishing the most effective ways of protecting them.
Since information often resides in computerised systems these days, Information Risk Management is often virtually synonymous with IT security (or computer security). However, properly speaking, Information Risk Management is broader since it covers information in non-computerised forms as well (such as on paper, in archives and in verbal communications).
More information will be posted on this page shortly... |