Securing Information
Strengthening Business

What information, where? The first step in Information Risk Management

Before you look at how to protect your valuable information it is important to be clear on what information you need to protect and where it sits in your organisation. This is a vital first step in the Information Risk Management process (see Ascentor’s 4 step Information Risk Management Process )and one that is sometimes forgotten.

Things change fast with business and information

Many organisations carried out a data audit when privacy legislation first came in (this was a requirement of the Data Protection Act of 1998 ) but this was a long time ago now. It was a snapshot in time, and things change fast when it comes to business and information.

As your company grows, so do your information risks. Information volumes creep up over time: strategic decisions, new projects, new partnerships, new technology – all have an impact and require careful change management.

Is that new information more or less valuable than that previously held; does that new contract require more or less rigour in the protection of the customer’s data? Important questions that need an answer.

The need for regular audit

In the way that good stock control starts with an understanding of what stock is held and where it can be found, so the management of information and consequently information risks must start with knowing what information is held and where. But this can’t be a ‘once and done’ activity.

Organisation’s need a regular audit process that allows for the recording of all information and where it sits. Regular information audits will help you to understand the value of your information – a crucial process to embed in the business, ideally undertaken every year; sometimes more often in high risk or dynamic environments.

Good decisions require good information

Knowing what and where your valuable information is will enable you to make better investment decisions on how to protect it, ensuring money is spent on controls that mitigate the risks you care about the most, not the ones the hardware and software resellers want you to spend money on.

Managing information risks gives you the visibility and confidence you need to make the right decisions to protect your information and strengthen your business. It all starts with knowing what information, where.

Is it time for an information audit?

Article by Dave James , MD of Ascentor

Other articles you might like:

For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.


Fields marked with an * are required
Share this:

You may also be interested in:

Building business resilience - through Information Security, Business Continuity and Disaster Recovery

How would you recover if something went drastically wrong with some, or all of your business operations? When we think of worst case scenarios,

Ascentor’s cyber security review of 2020

2020 wasn’t the first year where a virus emerged causing large scale disruption and opportunities for cybercrime. It was, however, the first time

Cyber security myths home workers fall for

From King Arthur to the moon landings that (allegedly) didn’t happen, it’s surprising what people want to believe without any real basis in fact.