Today, more than ever, access to electronic information is vital to an organization’s operation. Carefully assessing your organization against the information risks discussed below is the first stage in identifying where your organization is most vulnerable and in defining a roadmap for implementing governance controls and monitoring to protect your information assets.
8 Things You Need to Know about Information Risk
Information is a critical asset of every organization. “Information Risk” can be defined as any possible event that prevents critical information from being used as the business intended. The most critical information risks are:
1. We didn’t keep it (Non-capture) – The risk of critical information not being captured into the system.
If the email gets deleted, the attachment is gone for good. Users, driven by delivery pressures and performance controls, often bypass or ignore the good housekeeping practices needed for compliance policies and business continuity. This risk can be significantly mitigated by using process-controlled, automated declaration and classification procedures to capture both paper and electronic records.
2. It was on the disk that crashed (Loss) – The risk of captured information being accidentally removed from the system.
In order to avoid the risk of information being accidentally lost from the system, organizations must invest time in selecting the right storage, availability and disaster recovery architectures. In a controlled environment, the system also needs to provide specific “hold” or “freeze” mechanisms which prevent normal information disposition schedules from inadvertently removing critical information, for example, when litigation is in progress.