The science, and sometimes art, of logical business information security.


The principles of information security and risk management are no different from those of other security disciplines. The unique challenge lies in the vast range of forms that data and information take when at rest, in motion or being processed. Technology provides multiple avenues and vectors both to reap the benefits of information and to exploit it. Society is relentless in its hunger to evolve the way we obtain, absorb and share information, often without perceiving the negative effects of such innovation. Knowing and understanding your information is the first step in being able to manage and secure it effectively.

When it comes to risk management, be pragmatic, know your business and its operating environment, but always ask “what if…” and facilitate open and honest dialogue. Understand the tension between operations and risk, and address it rather than hide behind it. Risk management is only effective when trusted relationships, mutual respect and knowledge are unified by a common goal. Today’s organisations are too complex for a single unit or team to manage risk effectively, so collaboration between assurance and risk management functions (business unit risk management, information security, internal audit, etc.) is the key to success.


Blog: ‘A website that allows users to reflect thoughts and opinions’

Posts on this site are my own (shortened) opinions and references to other sites. Drop me a comment if you would like to discuss anything further.

Follow me on Twitter @rob_bainbridge
