Welcome to the SecAware blog

I spy with my beady eye ...

5 Feb 2018

NBlog February 5 - protecting information awareness module

‘Protecting information’ is a non-specific title. Almost everything that we do is about protecting information so what does February's NoticeBored awareness module actually cover?

'Protecting information' begs questions such as:
  • What is the information that deserves or needs to be protected?
  • What are the risks the information is protected against - the threats, vulnerabilities and impacts?
  • How can or should the information be protected?
  • Who is responsible for protecting it?
For the answers, we drew inspiration from the fields of information risk management, intellectual property and knowledge management, as well as information security and governance. 

As usual, we chose to discuss all kinds or forms of information in the typical business context - not just computer data. 'Knowledge' for instance includes workers' experience and expertise, trade secrets and know-how in general. The corresponding information risks and controls are quite diverse.

Information classification is one of the key controls patiently explained. The process of classifying and protecting information is more involved than it may appear. Awareness is particularly important for organizations handling government and defense information: it’s all very well stamping SECRET on your manila folders, but what does that actually mean, in practice? What does it achieve? What's the point? How does it work?

The materials promote a balanced and considered approach towards protecting information. Excessively strong information security reduces legitimate access to, and utility of, the information. The very value we seek to protect can be degraded by too much security. Many information/cyber security professionals would do well to consider this paradox! Protecting the availability of information sometimes means compromising on the controls for confidentiality and integrity.

Get in touch if this brief outline has whetted your appetite: if 'protecting information' sounds like something your people should know about, we have the creative content to make it so.

No comments:

Post a Comment