What information, where? The first step in Information Risk Management

Before you look at how to protect your valuable information it is important to be clear on what information you need to protect and where it sits in your organisation. This is a vital first step in the Information Risk Management process (see Ascentor’s 4 step Information Risk Management Process )and one that is sometimes forgotten.

Things change fast with business and information

Many organisations carried out a data audit when privacy legislation first came in (this was a requirement of the Data Protection Act of 1998 ) but this was a long time ago now. It was a snapshot in time, and things change fast when it comes to business and information.

As your company grows, so do your information risks. Information volumes creep up over time: strategic decisions, new projects, new partnerships, new technology – all have an impact and require careful change management.

Is that new information more or less valuable than that previously held; does that new contract require more or less rigour in the protection of the customer’s data? Important questions that need an answer.

The need for regular audit

In the way that good stock control starts with an understanding of what stock is held and where it can be found, so the management of information and consequently information risks must start with knowing what information is held and where. But this can’t be a ‘once and done’ activity.

Organisation’s need a regular audit process that allows for the recording of all information and where it sits. Regular information audits will help you to understand the value of your information – a crucial process to embed in the business, ideally undertaken every year; sometimes more often in high risk or dynamic environments.

Good decisions require good information

Knowing what and where your valuable information is will enable you to make better investment decisions on how to protect it, ensuring money is spent on controls that mitigate the risks you care about the most, not the ones the hardware and software resellers want you to spend money on.

Managing information risks gives you the visibility and confidence you need to make the right decisions to protect your information and strengthen your business. It all starts with knowing what information, where.

Is it time for an information audit?

Article by Dave James , MD of Ascentor

Other articles you might like:

You may also be interested in:

Work from home cyber security myths

Cyber security myths home workers fall for

Home workers are a growing gateway to your data and systems. If they believe any of these popular cyber security myths, your security is at serious risk.

Cyber security working from home

Managing good cyber security when working from home - what employers need to know

Home working carries increased security risks, but it doesn’t have to be open season for cyber criminals. These tips will help you put together a robust level of cyber security for your home based employees.

Cyber Essentials is changing - our overview

As the IASME Consortium takes over the management of the certification of Cyber Essentials (CE) Scheme, we look at what the changes will involve and why the scheme is still very much needed.