The growing complexity of today’s interconnected systems has not only increased the need for improved information security, but also helped to move information from the IT backroom to the executive boardroom as a strategic asset. And, just like the tip of an iceberg is all you see until you run into it, the risks to your information are mostly invisible until disaster strikes.

Detailing procedures to help your team perform better risk assessments and aggregate results into more meaningful metrics, Practical Risk Management for the CIO approaches information risk management through improvements to information management and information security. It provides easy-to-follow guidance on how to effectively manage the flow of information and incorporate both service delivery and reliability.






Explains why every CIO should be managing his or her information differently
Provides time-tested risk ranking strategies
Considers information security strategy standards such as NIST, FISMA, PCI, SP 800, & ISO 17799
Supplies steps for managing: information flow, classification, controlled vocabularies, life cycle, and data leakage
Describes how to put it all together into a complete information risk management framework

Information is one of your most valuable assets. If you aren’t on the constant lookout for better ways to manage it, your organization will inevitably suffer. Clarifying common misunderstandings about the risks in cyberspace, this book provides the foundation required to make more informed decisions and effectively manage, protect, and deliver information to your organization and its constituents.