Published Jun 16, 2021
What Does Understanding Information Have to Do with Security?
In the age of digital collaboration, information is your most important asset. However, threats to your information are much more likely to come from inside your organization than externally, and are as often accidental as they are malicious. But every waking minute in the lifecycle of an organization involves enormous amounts of information being created, shared, copied, and edited. It becomes nearly impossible to recognize which information carries more weight, which ideas require stricter governance. So how do we know what requires our attention?
Understanding the meaning of the information and the activities associated presents a significant challenge, which is why it has not always received the necessary attention. But if collaboration and information sharing – the driver of productivity – haven’t been properly managed, organizations risk information leakage.
If information becomes lost, there can be several unpleasant consequences, such as reputational damage or the exposure of sensitive information. It will soon become painfully clear that understanding information in-depth and in context is an indispensable necessity for future industry leaders.
Introducing Information Intelligence
Understanding your information shouldn’t be limited to discoverable terms such PII, PHI, PCI, or financial indicators. This metrics have served us well in for compliance, yet the vast majority of our information does not fit within easily defined categories. This means that we must contextualize information through a more refined, multi-layered lens.
This approach should cover three pillars of analysis:
- First, it is fundamental to understand what ideas are being communicated. What is being said? How is it being expressed?
- Second, it is important to identify the purpose of the information: Why has the information been compiled? Is it a budget? Is it a resume? This can help you understand the capacity in which it should be used.
- Third, what entities are involved with this information? Are people named? Organizations? Recognizing the context of information is integral knowing who should be seeing it.
Today, it is simply not enough to just monitor files; we must be able to track the spread of ideas. One idea can be spread across many locations, among drafts, versions, and copies. Knowing how ideas have spread is crucial to maintaining control. These considerations will help us catalyze an improved cognitive approach to information security.
The Key to Protection is Understanding
Conducting effective InfoSec means understanding your information much more deeply. It requires an understanding beyond traditional indicators. Achieving this increasingly enables you to know what your information is and how to protect it. Until a multi-dimensional approach is employed to confront emerging changes, the InfoSec industry will be unable to bridge the gap between what needs protecting and what is being protected.