What is Information Risk?


Information risk is effectively at the core of securing valuable information and data. Threats of exploitation of, or unauthorised access to, such information can come from four components. These components are risk factors to the security of information:

  1. Operational Risk

  2. Compliance Risk

  3. Technology Risk

  4. Legal Risk

Information security managers and practitioners should consider each component in turn to minimise the threat of information and data breaches.

Certain considerations may overlap the components. For example, the I.T. and cybersecurity awareness of an organisation's employees, where their behaviours and culture concerning the security of information are involved, can overlap the operational, compliance and technology components, if not all four.

This concept of what information risk is, and the components or factors that make up the jigsaw, only underlines the responsibilities of those assigned to manage information security, such as those working in "Infosec". There are many defined roles these days, as the risk of losing information has been heightened and the impact on businesses and states has been evident in past DDoS (Distributed Denial of Service) attacks like in Estonia and, locally, the WAP2 attack.

Many organisations underestimate the true impact of being a victim of data theft, fraud or a cyber-attack that can compromise their valued information. The impact falls on their business, their stakeholders and partners and, most concerning, their customer base. This will inevitably result in reputational harm to the organisation, specifically to confidence in its ability to maintain the security of information.

Organisations should prepare plans of action for an emergency or crisis where information is compromised or they are attacked in cyberspace, be that by cyber-criminals or terrorists.

Many forward-thinking businesses, where information is a key driver of the organisation, have systems in place to continually review the effectiveness of their information security. The methods used to access information are becoming more sophisticated, and attackers are able to mask their identity and location. They therefore remain anonymous, which makes it difficult to hold those responsible to account and bring them to justice.

Cyber incident plans, use of the cyber kill chain, and the employment of cyber-threat intelligence analysts to identify current, emerging and future threats to the security of your organisation's information have recently emerged and become more common in corporate security.

Furthermore, Fin-tech (Financial Technology) risks and access to banks' information have to date been effectively guarded by hiring opposing teams: the Red team (aka pentesters, or penetration testers), who are the offensive attackers whose aim is to find a way to break through the security and access the information, and the Blue team, the defensive team, who battle it out daily to ensure the bank's cybersecurity is optimised and that any faults and flaws found in security are promptly fixed.

By trend analysis, by far the most criminally beneficial form of attack has been the favoured 'ransomware' attack. This is where the valuable information of your organisation has been accessed and is usually held to ransom for its release. The cyber-criminals demand money, often in digital currency. This is the new form of digital blackmail, with no guarantee that they will live up to their promises to return the information once the ransom demand has been paid.

In this instance it is advisable to get in touch as soon as possible with both the fraud detection and cyber crime lines to inform them of the attack.

Finally, if you're concerned about the security of your information or would like a review of the threats to your organisation's information, we at Garrett security and risk consultancy would like to collaborate with you to maximise your information security and reduce the likelihood of YOU AND YOUR organisation being a victim of an attack.

Your organisation being impacted by the loss or compromise of information is not a desired outcome for growth and success....

Act now and protect your information, deny the criminals, competitors and terrorists the information that you value.

