Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Jan 12, 2018

NBlog January 12 - microwave ready meals

February's working title "Protecting information" is so vague as to be almost meaningless, yet it is written in an active sense, hinting at the process or practice of protecting information - the things we actually do, or should consider doing at least. We might instead have gone for "Information protection", placing more emphasis on the principles than the practices but, in keeping with yesterday's piece about engaging our reader on an individual basis, the new materials will be relatively simple and pragmatic: I'm thinking checklists and action plans, stuff that the reader can pick up and use directly.

More "Microwave ready meal" than "Michelin chef's secret recipe".

Leafing through our stash of awareness content, we have previously delved into information classification schemes (what they are for, how they are designed and how they typically work): this time around we might skim or ignore the theory to focus on using classification in practice, as a workplace tool - how to do it, basically.

Hmmm, I wonder if I can write a Haynes Manual-style step-by-step classification guide, with pictures?

We've also explored knowledge management and intellectual property rights before - again fairly academic or theoretical concerns. It will take a bit more head-scratching to think of practical applications that people can relate to. Straight-talking advice on 'What to look for in a license' maybe?  Maybe not.

Another area we have covered repeatedly is information risk management, a structured approach that underpins the entire domain, including the ISO27k standards. The management aspects remain relevant for our customers' managers but for February I'm tempted to skirt around the conventional information risk and security perspective (identifying and characterising the risks, then applying security controls to mitigate them) to find real-world examples of risk avoidance, risk sharing and/or risk acceptance. So now I'm on the look-out for examples of real-world situations where tightening the controls is not necessarily the best approach ....