Good information management underpins good information security. This is increasingly the case in the digital era. The Government’s Security Policy Framework states:
‘The effective management of information is critical to safeguarding it. Government organisations will consider good information management practice as the basis for their information security arrangements.’
Having good policies, procedures and training in place, as well as the right technical environment, to understand and manage your information and data assets will therefore help you to manage your security-related information risks. See our information management guidance and standards pages for general information management guidance. For guidance on information security, the following sources of information are useful.
Security Policy Framework, Cabinet Office
Your information can be at risk of cyber-attacks – find out more about the training we offer.
For further guidance on information assurance and cyber security see the following resources:
Security top tips, BCS
HoMER tool, CPNI
Risk and information risk guidance
Guidance and tools for assessing risks to your information.
The Orange Book, HM Treasury
Cyber risk management, a board level responsibility, BIS
Cyber risk, The Institute of Risk Management
Risk guides, The Institute of Risk Management
Role specific guidance
SIRO handbook, The National Archives – to request a copy please email firstname.lastname@example.org
The National Archives is also responsible for delivering a (free) training and engagement programme for Senior Information Risk Owners (SIRO), Information Asset Owners (IAO), non-executive directors, board and audit committee members across the public sector. The programme is sponsored by the Office of Cyber Security and Information Assurance in the Cabinet Office and forms part of the National Cyber Security Programme. Find out more about Information assurance and cyber security training.