~3-page information security policy template on the management of information risk.
The purpose of information risk management is to identify, evaluate and treat (deal with) the organisation’s information risks in an appropriate, cost-effective manner. While it is not feasible to eliminate information risks completely, they can generally be minimised or at least contained using the approach described in this policy template.
Supplied as an MS Word document, readily customised for your organisation's specific situation.
Information risk management policy
Information security policy template on information risk management
See also the policies on:
- Information governance
- Information ownership
- Information classification
- Threat intelligence
- Information integrity
- Information retention
- Information disposal
- Backups and archives
- Business Continuity Management
- Intellectual Property Rights
- Incident reporting
- Responsible disclosure
- Incident management
- Physical security
- ... the entire security policy suite in fact!