Author: Edward Humphreys
ISBN No: 978-0-580-6074
Review date: 07/12/2025
No of pages: 156
Publisher: BSI
Year of publication:
Brief:
If you are a business manager or are involved in information security and risk management, this book will give practical advice.
The author, besides having a background in the field, is the editor of BS 7799, the British Standard for information security management. Now risk, like health and safety, does run the risk – pardon the pun – of having a bad name, because of what some see as over-reaction to risks, such as the Icelandic volcanic ash in April grounding airlines. Humphreys does address this from the start: “A risk to one person might be an opportunity for another person.” In other words, it’s for people to judge – and Humphreys argues for the balanced view; we can never afford to be complacent, nor to live in fear; ‘even with protection there are no guarantees’.

Take the insider threats of IT sabotage, information theft and fraud. A business needs to authorise staff to access information to do their work. How to manage the risks of insider trading, and of disgruntled staff hacking into computer systems and stealing? This well laid out book takes you through risk assessment and controls (‘a measure that is modifying risk’), not forgetting monitoring and reviews (all documented). This way you can address every risk, from acceptable use of email and company computers to student placements and the contract cleaners.