Information risks are the threats and vulnerabilites every organisation faces today – the growing need to protect the information we rely on from loss, damage or malicious attack. Information risks, like any risk, can either be:
- Treated: action is taken to reduce the risk
- Transferred: offset, for example by buying insurance
- Terminated: the cause of the risk is removed completely
- Tolerated: accepted by the Board
The action you take depends on your business objectives.