~3-page information security policy template on the management of information risk.
The purpose of information risk management is to identify, evaluate and treat the organization’s information risks in an appropriate, cost-effective manner. While it is neither sensible nor feasible to eliminate information risks completely, unacceptable information risks must be managed using the approach described in this policy.
Note: despite the focus on 'security' and the current obsession with 'cyber', a wider perspective suggests other, more creative and more effective ways to deal with information risks. Security controls are necessary but not sufficient.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Information risk management policy
Information security policy template on information risk management
See also the policies on:
- Information governance
- Information ownership
- Information classification
- Threat intelligence
- Information integrity
- Information retention
- Information disposal
- Backups and archives
- Business Continuity Management
- Intellectual Property Rights
- Incident reporting
- Responsible disclosure
- Incident management
- Physical security
- ... the entire security policy suite in fact!