1. THE NEED FOR INFORMATION RISK MANAGEMENT
Who should use information risk management?
The context of risk in the organisation
Hot topics to consider in information risk management
The benefits of taking account of information risk
Overview of the information risk management process
2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS
3. THE INFORMATION RISK MANAGEMENT PROGRAMME
Governance of the risk management programme
Information risk management criteria
The risk identification process
The approach to risk identification
5. THREAT AND VULNERABILITY ASSESSMENT
Conducting vulnerability assessments
Identification of existing controls
6. RISK ANALYSIS AND RISK EVALUATION
Tactical risk management controls
Operational risk management controls
Examples of critical controls and control categories
8. RISK REPORTING AND PRESENTATION
Risk treatment decision-making
Risk treatment planning and implementation
Business continuity and disaster recovery
Disaster recovery failover testing
9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW
Skills required for an information risk programme manager
10. THE NCSC CERTIFIED PROFESSIONAL SCHEME
11. HMG SECURITY-RELATED DOCUMENTS
The National Security Strategy
CONTEST, the United Kingdom’s Strategy for Countering Terrorism
The Minimum Cyber Security Standard
The UK Cyber Security Strategy 2016–
UK government security classifications
APPENDIX A – TAXONOMIES AND DESCRIPTIONS
Typical impacts or consequences
APPENDIX B – TYPICAL THREATS AND HAZARDS
APPENDIX C – TYPICAL VULNERABILITIES
Physical and environmental security
Communications and operations management
People-related security failures
APPENDIX D – INFORMATION RISK CONTROLS
The Centre for Internet Security Controls Version
NIST Special Publication 800-53 Revision
APPENDIX E – METHODOLOGIES, GUIDELINES AND TOOLS
APPENDIX G – HMG CYBERSECURITY GUIDELINES
APPENDIX H – REFERENCES AND FURTHER READING
NCSC Certified Professional Scheme
Other UK government publications
UK and international standards
APPENDIX I – DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS
Definitions and glossary of terms