We have been talking about Information Security for a few years now, but with the changes in legislation earlier this year that means you can incur £500K fines, it’s time to look beyond the reactive and towards the proactive. Time to move from Information Security to Information Assurance.
So why Information Assurance rather than just Information Security? Businesses rely on information, and most realise that accurate, available and appropriately shared information is key to growing a business. Conversely, missing or inaccurate information in the wrong hands will damage the business and potentially the business’ reputation.
From a security aspect, it is only the security of the information and systems that is taken into account. Data loss prevention and all the, now commonplace measures to prevent it, coupled with endpoint and datacentre security strategies enable companies to ‘tick the box’. Reporting and auditing are key for this to be provable so that information is kept safe and the newspapers and legislators held at bay. Assurance is all this – and more! Information assurance is about assessing the business’ ability to keep the information safe and that it is accurate and available - to the right people at the right time. It’s about developing a shared understanding across all areas of the business as to how information is used, and its about improving the information available according to business priorities.
As we start to move out of recession, but while the purse strings are still being tightly held it is time to revisit information strategies and look at how information can be used more effectively to drive the business. New rapid assessment services are starting to appear which can build on your information security policies and turn them into information assurance ones.