• Phil Potter

How to Manage Information Security Risks

We’ve found that organisations have always focused on health and safety risks, but I’m going to focus on information security risks.


7 key steps on how to manage your information security risks:


1. Identify the information asset

These could be laptops, servers, hardware, software, even information that’s sitting on white boards. But for the sake of this video, we will use a laptop as an example.



2. Identify vulnerability and assess the risk

Vulnerability in regards to the laptop could be that it’s stolen, the risk could be that that information becomes available to the public, be it financial records, business records, passwords and that could damage your company reputation.



3. Controls

Using the example of the laptop, we would have requirements on how and when its used, what passwords are required, and also whether we have controls such as bit-lockers.



4. Responsibility

You have to identify who’s responsible for the laptop. Each individual that has a laptop would be allocated that laptop in the register.



5. Monitoring

In your monthly management review, you might determine whether there’s been any new assets bought in or out of the business. The key here is making sure that any hard drive information has been wiped before that goes off site.



6. Records

These could include minutes of your meetings, records of purchase orders and destruction certificates.



7. Communication

This is a key, you need to communicate to all your staff the importance of having control of their laptops.