Managing Information Risks

Managing Information Risks

Threats, Vulnerabilities, and Responses

William Saffady


  • Description
  • Author
  • Info
  • Reviews


Managing Information Risks: Threats, Vulnerabilities, and Responses identifies and categorizes risks related to creation, collection, storage, retention, retrieval, disclosure and ownership of information in organizations of all types and sizes. It is intended for risk managers, information governance specialists, compliance officers, attorneys, records managers, archivists, and other decision-makers, managers, and analysts who are responsible for risk management initiatives related to their organizations’ information assets.

An opening chapter defines and discusses risk terminology and concepts that are essential for understanding, assessing, and controlling information risk. Subsequent chapters provide detailed explanations of specific threats to an organization’s information assets, an assessment of vulnerabilities that the threats can exploit, and a review of available options to address the threats and their associated vulnerabilities. Applicable laws, regulations, and standards are cited at appropriate points in the text. Each chapter includes extensive endnotes that support specific points and provide suggestions for further reading.

While the book is grounded in scholarship, the treatment is practical rather than theoretical. Each chapter focuses on knowledge and recommendations that readers can use to:

  • heighten risk awareness within their organizations,
  • identify threats and their associated consequences,
  • assess vulnerabilities,
  • evaluate risk mitigation options,
  • define risk-related responsibilities, and
  • align information-related initiatives and activities with their organizations’ risk management strategies and policies.

Compared to other works, this book deals with a broader range of information risks and draws on ideas from a greater variety of disciplines, including business process management, law, financial analysis, records management, information science, and archival administration. Most books on this topic associate information risk with digital data, information technology, and cyber security. This book covers risks to information of any type in any format, including paper and photographic records as well as digital content.


William Saffady:
William Saffady is a records management and information governance consultant and researcher based in New York City. He is the author of over three-dozen books and many articles on information governance, records management, record retention, document storage and retrieval technologies, library automation, and other information management topics. Dr. Saffady received his B.A. degree from Central Michigan University and his M.A., Ph.D, and M.S.L.S. degrees from Wayne State University. Before establishing his full-time consulting practice, he was a professor of library and information science at the State University of New York at Albany, Long Island University, Pratt Institute, and Vanderbilt University. Dr. Saffady is a Fellow of ARMA International, and he is profiled in the Encyclopedia of Archival Writers, 1515-2015, a reference work published by Rowman & Littlefield in 2019.