National University of Singapore
Textbook: Total Information Risk Management. Maximizing the Value of Data and Information Assets
Author(s): Alexander Borek
Description
This coursebook is divided into four parts: In the first part of the book, we introduce general concepts in information and risk management to bring you up to speed with the concepts that TIRM is based upon.
In the second part of the book, we explain the TIRM process in detail and how it can be implemented within an organization; we use a case study example to aid with understanding the process.
In the third part of the book, we present advanced risk assessment techniques and software tools, and ways to establish organizational support and employee engagement, which can be used to support and enhance TIRM.
The fourth part of the book offers a conclusion and outlook.
Chapter 1: Data and Information Assets
This chapter introduces key concepts about data and information assets and includes a discussion about the characteristics of data and information assets. This chapter also considers key concepts of data and information quality and explores the impact of having low-quality data and information assets.
Chapter 2: Enterprise Information Management
This chapter introduces the concept of enterprise information management (EIM) and discusses the key challenges and pressures for EIM today.
Chapter 3: How Data and Information Create Risk
The purpose of this chapter is to explain how data and information create risk in an organization. It starts with a short introduction to the anatomy of information risks, explores ways in which to mitigate risks, discusses how risk does not always have to have negative connotations, and moves on to explain why quantifying risk is worth the effort, before concluding with an explanation as to how risk management can help improve EIM.
Chapter 4: Introduction to Enterprise Risk Management
This chapter explores the well-established discipline of risk management, explaining what risk is, the processes associated with risk management, how to determine your organization’s risk appetite, and how risk can be assessed and treated. It concludes with a description of the role of a key player in TIRM: the chief risk officer.
Chapter 5: Overview of TIRM Process and Model
This chapter gives an overview of the various stages of the TIRM process and discusses general aspects that need to be considered when applying the TIRM process. We also give an overview of the TIRM model, which is needed for stage B of the TIRM process.
Chapter 6: TIRM Process Stage A: Establish the Context
This chapter is the first of three that explain the three stages of the TIRM process. Here, you are shown how to set the motivation, goals, initial scope, responsibilities, and context of the TIRM process. Key areas, including how to establish the external environment, how to analyze the organization, and how to identify business objectives, measurement units, and risk criteria, are explained in this chapter. It also explains how to gain a thorough understanding of the information environment in which your particular business operates.
Chapter 7: TIRM Process Stage B: Information Risk Assessment
This chapter provides a step-by-step guide for implementing the information risk assessment stage of the TIRM process. The chapter demonstrates how to quantify the business impact of poor data and information quality, and illustrates how to identify information risks, analyze and quantify information risks, and evaluate and rank information risks.
Chapter 8: TIRM Process Stage C: Information Risk Treatment
This chapter provides a step-by-step guide for implementing the information risk treatment stage of the TIRM process. It covers the identification of causes of information risks, finding appropriate information risk treatments, calculating the costs and benefits, selecting and implementing information risk treatments, and verifying their effectiveness after implementation.
Chapter 9: Integrating the TIRM Process Within the Organization
This chapter gives a comprehensive illustration of how to integrate the TIRM process within an organization. It clarifies the roles and responsibilities that lead to successful integration and offers guiding principles for successful implementation.
Chapter 10: TIRM Process Application Example
Using a case study based on the authors’ experience of implementing TIRM in an energy utility, this chapter shows the practical application of the TIRM process. It also demonstrates the significant benefits that can accrue from improving the quality of data and information holdings.
Chapter 11: Risk Assessment Techniques for TIRM
This chapter examines the popular techniques used for risk management and goes on to explore how they may be used in the context of information risk management. Some of these may be familiar and some less so.
Chapter 12: Software Tools: Automated Methods for TIRM
This chapter considers how automated software solutions can support the TIRM and examines how some of the TIRM process stages can be automated. It continues with a discussion about what information management tools and technologies are currently available for detecting and mitigating information risks.
Chapter 13: Establishing Organizational Support and Employee Engagement for TIRM
This chapter discusses strategies and concepts to overcome organizational resistance and increase employees’ support for TIRM. It draws on models published in the literature to show how employee “buy-in” might best be achieved.
Chapter 14: Conclusions and Outlook
In the final chapter, we gather together our thoughts on the book and hope that you and your organization will gain benefit from the book as a whole.







