Information Risk Management Toolkit

Downloadable Resources, Instant Access

In partnership with department peers, establish and provide KPIs to technical teams, senior leadership, and third party organizations to analyze and report on effectiveness of vulnerability/application security program and identify opportunities for improvement.

More Uses of the Information Risk Management Toolkit:

  • Drive employee engagement and understanding using effective change management techniques to elevate the risk management program beyond compliance with policies and towards adopting a security and privacy mindset.

  • Take the lead role in partnering with multiple projects and initiatives to apply security architecture requirements, develop architecture solutions, integrate security into solution designs, assess risks of security gaps, and develop architecture remediation.

  • Design and build Cyber Architecture and Engineering to ensure the appropriate architecture and engineering solutions to support the cyber fusion model (in line with specified Fusion requirements).

  • Ensure security controls adhere to requirements as applicable to the scope of work, contractual agreements, regulatory considerations, business needs and best practice security standards.

  • Support development of program performance measures and metrics for the Associate Director of Information Services as part of Office of Finance, Administration, and Information Services strategic planning initiatives.

  • Manage to develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders and to collaborate with IT leaders, privacy officer, and human resources to ensure security and privacy policies are met.

  • Manage to participate as a member of the senior management team to develop long term strategies and organizational governance, and to creatively and independently provide resolution to security problems in a cost effective manner.

  • Join your team of cybersecurity professionals who collaborate with Leaders in IT and Security professionals, and clients to investigate and support cybersecurity engagements within your organization.

  • Work with functional and technical groups to identify improvements in organization wide data related business processes, scope requirements, and impacts related to system and/or process changes.

  • Ensure you are the perfect balance of advanced technical knowledge and strategic business acuity who is comfortable engaging with senior level decision makers to convey business value of security.

  • Manage to develop and oversee the implementation of a standard IT portfolio and project management process while ensuring appropriate application of project management methodology across all projects.

  • Provide guidance and training with respect to IT audit and regulatory compliance requirements to ensure IT controls are appropriately designed and executed, resulting in audit and regulatory compliance.

  • Be accountable for the development and execution of short and long term talent and organizational development plans to build critical capabilities, drive key change initiatives and cultivate.

  • Work with hosting facility system administrators to develop and maintain a comprehensive disaster recovery plan, manage database backups by determining and implementing appropriate strategies and periodically test backups to ensure database recoverability.

  • Manage to analyze external IT influences such as new technologies, desired changes in technology standards, changes in strategic direction and regulatory requirements to determine the potential impacts on the enterprise and IT operations.


Get this toolkit, and you'll be guided from idea to implementation and results.

This toolkit contains the following powerful enablers with new and updated Information Risk Management specific requirements.


STEP 1: Get your bearings

Start with...

  • The latest quick edition of the Information Risk Management Self Assessment book in PDF containing 49 requirements to perform a quickscan, get an overview and share with stakeholders.

Organized in a data driven improvement cycle RDMAICS (Recognize, Define, Measure, Analyze, Improve, Control and Sustain), check the…

  • Example pre-filled Self-Assessment Excel Dashboard to get familiar with results generation

Then find your goals...

STEP 2: Set concrete goals, tasks, dates and numbers you can track

Featuring 992 new and updated case-based questions, organized into seven core areas of process design, this Self-Assessment will help you identify areas in which Information Risk Management improvements can be made.

Examples; 10 of the 992 standard requirements:

  1. Do you believe the management team or executives at the highest level of your organization truly understand the time and resources needed to mitigate risk and minimize cyberthreat exposure?

  2. How does your organization ensure that risks to asset management activities associated with the introduction of new assets, asset systems, technology, contractors or suppliers are managed?

  3. Does the person (and/or your managed service provider) responsible for overseeing the IT function in your restaurant keep up with changing industry standards and regulatory requirements?

  4. Are there structured training programs to ensure that all staff are provided with adequate quality, safety and risk management information, instruction and training appropriate to role?

  5. Is top management clear about the nature and extent of the significant risks it is willing to take and the opportunities it is willing to pursue in achieving its strategic objectives?

  6. How does your organization ensure that risks to asset management activities associated with the management of change of organizational structures, roles or responsibility are managed?

  7. What information has management provided to help the board assess which critical business assets and critical partners, including third parties, are most vulnerable to cyber attacks?

  8. How can demand response and intermittent resources be integrated into the risk management practices of your organization and ultimately lead to greater stability of cash flow?

  9. Does management use its routine monitoring of performance data to help ensure data quality by, for example, seeking explanations of variations between out turn and target?

  10. Is there a process in place for identifying and communicating emerging AML and other fraud risks to enable management and the board to be proactive in responding to them?

Complete the self assessment, on your own or with a team in a workshop setting. Use the workbook together with the self assessment requirements spreadsheet:

  • The workbook is the latest in-depth complete edition of the Information Risk Management book in PDF containing 992 requirements, which criteria correspond to the criteria in...

Your Information Risk Management self-assessment dashboard which gives you your dynamically prioritized projects-ready tool and shows your organization exactly what to do next:

  • The Self-Assessment Excel Dashboard; with the Information Risk Management Self-Assessment and Scorecard you will develop a clear picture of which Information Risk Management areas need attention, which requirements you should focus on and who will be responsible for them:

    • Shows your organization instant insight into areas for improvement: auto generates reports, radar chart for maturity assessment, insights per process and participant and bespoke, ready to use, RACI Matrix
    • Gives you a professional Dashboard to guide and perform a thorough Information Risk Management Self-Assessment
    • Is secure: Ensures offline data protection of your Self-Assessment results
    • Dynamically prioritized projects-ready RACI Matrix shows your organization exactly what to do next


STEP 3: Implement, Track, follow up and revise strategy

The outcomes of STEP 2, the self assessment, are the inputs for STEP 3. Start and manage Information Risk Management projects with the 62 implementation resources:

  • 62 step-by-step Information Risk Management Project Management Form Templates covering over 1500 Information Risk Management project requirements and success criteria:

Examples; 10 of the check box criteria:

  1. Project or Phase Close-Out: What benefits or impacts does the stakeholder group expect to obtain as a result of the Information Risk Management project?

  2. Risk Register: What is the appropriate level of risk management for this Information Risk Management project?

  3. Procurement Audit: Access to data, including standing data, and the identification of restriction levels and authorised personnel was in place?

  4. Stakeholder Analysis Matrix: How are you predicting what future (work)loads will be?

  5. Team Member Performance Assessment: What instructional strategies were developed/incorporated (e.g., direct instruction, indirect instruction, experiential learning, independent study, interactive instruction)?

  6. Human Resource Management Plan: Have the key elements of a coherent Information Risk Management project management strategy been established?

  7. Activity Duration Estimates: Consider the changes in the job market for information technology workers. How does the job market and current state of the economy affect human resource management?

  8. Procurement Audit: Is the routing of copies of purchase order forms defined?

  9. Project Performance Report: To what degree are the tasks requirements reflected in the flow and storage of information?

  10. Stakeholder Management Plan: Have Information Risk Management project team accountabilities & responsibilities been clearly defined?

Step-by-step and complete Information Risk Management Project Management Forms and Templates including check box criteria and templates.

1.0 Initiating Process Group:

  • 1.1 Information Risk Management project Charter
  • 1.2 Stakeholder Register
  • 1.3 Stakeholder Analysis Matrix

2.0 Planning Process Group:

  • 2.1 Information Risk Management project Management Plan
  • 2.2 Scope Management Plan
  • 2.3 Requirements Management Plan
  • 2.4 Requirements Documentation
  • 2.5 Requirements Traceability Matrix
  • 2.6 Information Risk Management project Scope Statement
  • 2.7 Assumption and Constraint Log
  • 2.8 Work Breakdown Structure
  • 2.9 WBS Dictionary
  • 2.10 Schedule Management Plan
  • 2.11 Activity List
  • 2.12 Activity Attributes
  • 2.13 Milestone List
  • 2.14 Network Diagram
  • 2.15 Activity Resource Requirements
  • 2.16 Resource Breakdown Structure
  • 2.17 Activity Duration Estimates
  • 2.18 Duration Estimating Worksheet
  • 2.19 Information Risk Management project Schedule
  • 2.20 Cost Management Plan
  • 2.21 Activity Cost Estimates
  • 2.22 Cost Estimating Worksheet
  • 2.23 Cost Baseline
  • 2.24 Quality Management Plan
  • 2.25 Quality Metrics
  • 2.26 Process Improvement Plan
  • 2.27 Responsibility Assignment Matrix
  • 2.28 Roles and Responsibilities
  • 2.29 Human Resource Management Plan
  • 2.30 Communications Management Plan
  • 2.31 Risk Management Plan
  • 2.32 Risk Register
  • 2.33 Probability and Impact Assessment
  • 2.34 Probability and Impact Matrix
  • 2.35 Risk Data Sheet
  • 2.36 Procurement Management Plan
  • 2.37 Source Selection Criteria
  • 2.38 Stakeholder Management Plan
  • 2.39 Change Management Plan

3.0 Executing Process Group:

  • 3.1 Team Member Status Report
  • 3.2 Change Request
  • 3.3 Change Log
  • 3.4 Decision Log
  • 3.5 Quality Audit
  • 3.6 Team Directory
  • 3.7 Team Operating Agreement
  • 3.8 Team Performance Assessment
  • 3.9 Team Member Performance Assessment
  • 3.10 Issue Log

4.0 Monitoring and Controlling Process Group:

  • 4.1 Information Risk Management project Performance Report
  • 4.2 Variance Analysis
  • 4.3 Earned Value Status
  • 4.4 Risk Audit
  • 4.5 Contractor Status Report
  • 4.6 Formal Acceptance

5.0 Closing Process Group:

  • 5.1 Procurement Audit
  • 5.2 Contract Close-Out
  • 5.3 Information Risk Management project or Phase Close-Out
  • 5.4 Lessons Learned



With this Three Step process and in-depth Information Risk Management Toolkit, you will have all the tools you need for any Information Risk Management project.

In using the Toolkit you will be better able to:

  • Diagnose Information Risk Management projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and practices
  • Implement evidence-based best practice strategies aligned with overall goals
  • Integrate recent advances in Information Risk Management and put process design strategies into practice according to best practice guidelines

Defining, designing, creating, and implementing a process to solve a business challenge or meet a business objective is the most valuable role in EVERY company, organization and department.

Unless you are talking about a one-time, single-use project within a business, there should be a process. Whether that process is managed and implemented by humans, AI, or a combination of the two, it needs to be designed by someone with a complex enough perspective to ask the right questions. Someone capable of asking the right questions, stepping back and saying, 'What are we really trying to accomplish here? And is there a different way to look at it?'

This Toolkit empowers people to do just that, whether their title is entrepreneur, manager, consultant, (Vice-)President, CxO etc. They are the people who rule the future. They are the people who ask the right questions to make Information Risk Management investments work better.

This Information Risk Management All-Inclusive Toolkit enables you to be that person.


Includes lifetime updates

Every self assessment comes with Lifetime Updates and Lifetime Free Updated Books. Lifetime Updates is an industry-first feature which allows you to receive verified self assessment updates, ensuring you always have the most accurate information at your fingertips.