Information security

Good information management underpins good information security. This is increasingly the case in the digital era. The Government’s Security Policy Framework states:

The effective management of information is critical to safeguarding it. Government organisations will consider good information management practice as the basis for their information security arrangements.

Having good policies, procedures and training in place, as well as the right technical environment, to understand and manage your information and data assets will therefore help you to  manage your security-related information risks. See our information management guidance and standards pages for general information management guidance. For guidance on information security, the following sources of information are useful.


Security Policy Framework, Cabinet Office

Cyber security

For further guidance on information assurance and cyber security see the following resources:

10 steps to cyber security, BIS

Information Risk Management Guidance, CESG

Security top tips, BCS

Cyber research and guides, CPNI

HoMER tool, CPNI

Risk and information risk guidance

Guidance and tools for assessing risks to your information.

The Orange Book, HM Treasury

Cyber risk, The Insititute of Risk Management

Risk guides, The Institute of Risk Management