We’ve found that organisations have always focused on health and safety risks, but I’m going to focus on information security risks.
7 key steps on how to manage your information security risks:
1. Identify the information asset
These could be laptops, servers, hardware, software, even information that’s sitting on white boards. But for the sake of this video, we will use a laptop as an example.
2. Identify vulnerability and assess the risk
Vulnerability in regards to the laptop could be that it’s stolen, the risk could be that that information becomes available to the public, be it financial records, business records, passwords and that could damage your company reputation.
3. Controls
Using the example of the laptop, we would have requirements on how and when its used, what passwords are required, and also whether we have controls such as bit-lockers.
4. Responsibility
You have to identify who’s responsible for the laptop. Each individual that has a laptop would be allocated that laptop in the register.
5. Monitoring
In your monthly management review, you might determine whether there’s been any new assets bought in or out of the business. The key here is making sure that any hard drive information has been wiped before that goes off site.
6. Records
These could include minutes of your meetings, records of purchase orders and destruction certificates.
7. Communication
This is a key, you need to communicate to all your staff the importance of having control of their laptops.