Securing Information
Strengthening Business

Information Risk is NOT Just an IT Issue

Just as your information assets are many and varied, your information risks are too.

Although secure information systems are of huge importance, technology is not the whole story. Not all information is stored on computers – it is physical too: it is filed in cabinets, carried around in folders, taken outside your office, it’s in peoples’ heads. It all needs protecting regardless of the medium it is stored on.

“If I want to know the risks to my information I ask my IT guy.”

The threats aren’t purely from cyber crime. Environmental incident, loss or physical theft are less newsworthy but equally dangerous and in some cases more likely. The human factor makes any business particularly vulnerable.

If you look at our recent post on the Top Ten Information Security Breaches , you’ll see a mix of scenarios – some arising from cyber attack but others due to a lack of physical controls or basic human error.

“What every organisation needs is parity and balance;the right mix of physical, procedural as well as technical controls – in line with your business objectives.”

Dave James, MD of Ascentor

Take a holistic view of information risk

An organisation’s information assets range from personal information on your customers to confidential company information and intimate staff details. Information risk needs strategic thinking and a wide view.Risk management is not about avoidance but balance: the right mix of physical, procedural as well as technical controls – in line with your business objectives.

Effective Information Risk Management is about identifying your most important assets and the threats and vulnerabilities you face as a consequence of the company doing business. What is the impact – can you live with resultant risk? If you cannot, take action to reduce the vulnerability or the impact. This action could be a roadmap, a strategic intent to solve the problem and reduce exposure over a period of time. In case of an incident, be prepared – have a plan for how you operate when your information is unavailable.

We strongly advise any Board of Directors to take a holistic approach to Information Risk Management – right across the business: physical, procedural, personnel and technical. Task each Board member to go and investigate risk in their area.

Which of your gates is open?

You’ll find more information on this holistic approach to Information Risk Management plus questions for each member of the Board in our discussion paper: ‘The Board’s Guide to InformationRisk’ .

Other posts you might like:


For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.


Fields marked with an * are required
Share this:

You may also be interested in:

Building business resilience - through Information Security, Business Continuity and Disaster Recovery

How would you recover if something went drastically wrong with some, or all of your business operations? When we think of worst case scenarios,

Ascentor’s cyber security review of 2020

2020 wasn’t the first year where a virus emerged causing large scale disruption and opportunities for cybercrime. It was, however, the first time

Cyber security myths home workers fall for

From King Arthur to the moon landings that (allegedly) didn’t happen, it’s surprising what people want to believe without any real basis in fact.