This is the most important, comprehensive, and sensible book available today on information risk management.
Risk managers, information governance specialists, records mangers, compliance officers, and other professionals will appreciate the lifecycle approach taken to address information-related threats and vulnerabilities that arise at any point from information creation through disposition.
The value of the work as a textbook for courses in risk management, information governance and related subjects is undeniable. Those new to both information governance and risk management will appreciate Saffady’s view of risk as a combination of threats, vulnerabilities, and consequences and his assertion that without vulnerability a threat can pose no harm.
All readers will come away with an understanding of information-related threats, vulnerabilities each threat can exploit, and options available to address those threats and associated vulnerabilities.