Information risk is endemic in any modern organisation. From the potential for losing sensitive information to a full-system crash that incapacitates the company, the consequences can be disastrous. Information risk management is a method of assessing information threats and taking actions to minimise the chances of risks becoming a reality. With properly implemented security controls based on risk assessment, you could stop your company from having to suffer huge financial or reputational fallout. This pocket guide addresses the scope of risks involved in a modern IT system, and outlines strategies for working through the process of putting risk management at the heart of your corporate culture. The guide draws on the work of the US National Institute of Standards and Technology, together with UK government white papers and interviews with board-level risk management practitioners.