Description

Book Synopsis
Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.

Trade Review
Information risk management is an integral part of every business and the author presents its lifecycle in an easy-to-follow and well-organised format with real-life examples, tools and templates. I highly recommend the book also as a valuable reference for legislation, standards, methodologies and frameworks for risk professionals to follow. -- Sema Yuce CISM CRISC CISA, Director at Truth ISC Technology and Security Consultancy Ltd.
This book is essential reading for any risk management practitioner. The author’s many years of practical experience in the subject shine through, it is clearly written and easy to follow. The book sets out the best approach when identifying and evaluating risk and the factors to consider when treating it in a pragmatic way. The examples give context and aid understanding and the appendices are comprehensive and a go-to source of useful information on risk. Highly recommended, this will be on my bookshelf. -- David Alexander, Information Security Group, Royal Holloway, University of London
This book should be mandatory reading within any business to understand the scale and scope of the landscape within which their information security and assurance professionals need to operate. -- Andrea Simmons PhD FBCS CITP CISM CISSP MA CIPP/E CIPM

Table of Contents

1. The need for information risk management

2. Review of information security fundamentals

3. The information risk management programme

4. Risk identification

5. Threat and vulnerability assessment

6. Risk analysis and risk evaluation

7. Risk treatment

8. Risk reporting and presentation

9. Communication, consultation, monitoring and review

10. The NCSC Certified Certification scheme

11. HMG Security-related documents

12. Appendix A – Taxonomies and descriptions

13. Appendix B – Typical threats and hazards

14. Appendix C – Typical vulnerabilities

15. Appendix D – Information Risk Controls

16. Appendix E – Methodologies, guidelines and tools

17. Appendix F - Templates

18. Appendix G – HMG cyber security guidelines

19. References and further reading

Information Risk Management: A practitioner's

    Product form

    £42.74

    Includes FREE delivery

    RRP £44.99 – you save £2.25 (5%)

    Order before 4pm today for delivery by Thu 9 Jul 2026.

    A Paperback / softback by David Sutton

    2 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of Information Risk Management: A practitioner's by David Sutton

      Publisher: BCS Learning & Development Limited
      Publication Date: Publication Date: 27/09/2021
      ISBN13: 9781780175720, 978-1780175720
      ISBN10: 1780175728

      Description

      Book Synopsis
      Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.

      Trade Review
      Information risk management is an integral part of every business and the author presents its lifecycle in an easy-to-follow and well-organised format with real-life examples, tools and templates. I highly recommend the book also as a valuable reference for legislation, standards, methodologies and frameworks for risk professionals to follow. -- Sema Yuce CISM CRISC CISA, Director at Truth ISC Technology and Security Consultancy Ltd.
      This book is essential reading for any risk management practitioner. The author’s many years of practical experience in the subject shine through, it is clearly written and easy to follow. The book sets out the best approach when identifying and evaluating risk and the factors to consider when treating it in a pragmatic way. The examples give context and aid understanding and the appendices are comprehensive and a go-to source of useful information on risk. Highly recommended, this will be on my bookshelf. -- David Alexander, Information Security Group, Royal Holloway, University of London
      This book should be mandatory reading within any business to understand the scale and scope of the landscape within which their information security and assurance professionals need to operate. -- Andrea Simmons PhD FBCS CITP CISM CISSP MA CIPP/E CIPM

      Table of Contents

      1. The need for information risk management

      2. Review of information security fundamentals

      3. The information risk management programme

      4. Risk identification

      5. Threat and vulnerability assessment

      6. Risk analysis and risk evaluation

      7. Risk treatment

      8. Risk reporting and presentation

      9. Communication, consultation, monitoring and review

      10. The NCSC Certified Certification scheme

      11. HMG Security-related documents

      12. Appendix A – Taxonomies and descriptions

      13. Appendix B – Typical threats and hazards

      14. Appendix C – Typical vulnerabilities

      15. Appendix D – Information Risk Controls

      16. Appendix E – Methodologies, guidelines and tools

      17. Appendix F - Templates

      18. Appendix G – HMG cyber security guidelines

      19. References and further reading

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account