


How to assess and make business decisions about technology and information risks

This guidance is for those responsible for making decisions about technology and information risks on behalf of the business, which includes how risks 
April 6th 2016
From CESG

What is risk?

What a risk is, and how it’s described, depends entirely on the context of the organisation which faces that risk, and on the biases of the individual assessing the risk.

In the context of wider business risk management, a risk is the potential for either harmful or positive outcomes to impact upon business objectives, including reputation. Organisations cannot develop without taking risks. Technology and information risk is not just about avoidance and mitigation; the pursuit and acceptance of risk create opportunities and can help deliver business objectives.

Having recognised this wider meaning, this guidance uses the word ‘risk’ to describe the potential for security harm to occur as a result of using technology and information to achieve business objectives.

It is important not to just think about risk in the context of the confidentiality, integrity and availability of technology and information. In addition to these, other things that the organisation values (eg its reputation) may be at risk and should also be taken into account.

See the link for further information and the attached file


Portable document format 207,72 KB
April 6th 2016 13:51
