Perhaps this isn’t how things work, though in my head information falls into one of three camps:
- Information Governance
- Information Management
- Information Assurance
My definitions are as follows:
Information Governance. All about having controls in place to ensure that risks are managed. Where risks can’t be managed (for whatever reason), having the framework in place to ensure that the right person is aware of the risks.
Information Management. To ensure that the information has a life-cycle, that information is owned and that the information is available to those people who need it. Also, to ensure that information is archived or deleted when no longer required.
Information Assurance. To ensure that information is protected. To determine whether information needs to be kept secret (confidentiality), unchanged (integrity) and available. To ensure that, where there may be risks to each of the above, they are managed.
I personally think there are interdependences between these three disciplines. A simple triangle is shown below:
Whilst quite a basic image, it would help if you knew where you currently were (roughly) on the graph and then where you needed to be. This might be the first step towards embarking on a journey to help understand how to protect your information.