The Issue:

Enterprise IT security is being pulled steadily towards a risk-based view of
the world. Companies need to understand their tolerance for risk, and embrace
technologies and practices that allow them to meet, but not exceed, that
tolerance. The disciplines of information stewardship provide a lens through
which the enterprise can focus its actions in information risk management. By
focusing on the discipline of information protection, it can choose where and how
to apply technologies, such as encryption, to maximize the return on risks of
information leak or theft. Focusing on data quality management can minimize
both the operational risks from inconsistent or incorrect data, and the legal risks
from lapses in compliance, inadvertent disclosure, or unintentional failure to
disclose information in court. Focusing on continuity mitigates risk from data
being unavailable due to natural disaster, systems break down, or attack.

Read this Issue Paper: Information Risk Management in the Enterprise