Information Risk Management Regime

Part of the Cyber Maturity series of articles, this section focuses on the Information Risk Management Regime.

Quoting the 10 Steps to Cyber Security Guidance Sheets:

It is best practice for an organisation to apply the same degree of rigour to assessing the risks to its information assets as it would to legal, regulatory, financial or operational risk. This can be achieved by embedding an information risk management regime across the organisation, which is actively supported by the Board, senior managers and an empowered Information Assurance (IA) governance structure. Defining and communicating the organisation’s attitude and approach to risk management is crucial. Boards may wish to consider communicating their risk appetite statement and information risk management policy across the organisation to ensure that employees, contractors and suppliers are aware of the organisation’s risk management boundaries.

The specific recommendations are:

  • Establish a governance framework
  • Determine the organisation’s risk appetite
  • Maintain the Board’s engagement with information risk
  • Produce supporting policies
  • Adopt a lifecycle approach to information risk management
  • Apply recognised standards
  • Educate users and maintain their awareness
  • Promote a risk management culture

What are your experiences in this area? How are you managing these controls?
Please share with the community in the comments area below.

SEE ALSO

Where is good practice referenced? Please let the community know in the comments area below.


The pages referenced in this series of blog articles are derived from the 10 Steps to Cyber Security Guidance Sheets published by BIS and GCHQ in this press release.
The documents are Crown Copyright and used here with permission under the government open licence.

Please join the discussion; we welcome your views.
