information governance
The importance of (correct) information
Information is vital to any business, but only the correct, reliable, available information represents the input required for making an intelligent decision.
Corrupt, incomplete, or just delayed information cost time and money and chip on the credibility, reputation and even stability of a business.
The building blocks of any useful information are clusters of data, printed on paper or in its digital format that is collected and stored each day, in high resolution thanks to the latest technological advancements. Algorithms running on standalone computers or clusters of virtual machines process the data in order to identify patterns and therefore extract useful information that would an advantage against the competition, or in helping with solving various crimes. At the same time, there is a potential that these operations could be performed by criminal organisations to help achieve their malicious goals.
With the incredible amount of processing power available, complex algorithms implementing machine learning and artificial intelligence algorithms, the vast and increasing pool of data will most certainly give away some precious information at some point in time. The emerging need seems to become in this situation protecting it from unauthorised access or modification.
Throughout the years, standards, laws and acts have been created and imposed, or simply recommended to companies and institutions involved in capturing and processing data, especially sensitive data. Aware of the power the information, i.e. knowledge, offers to whomever possess it, rules had to be created to protect individuals and businesses.
What about the actual governance?
The name itself implies the participation of the decision makers of an organisation in guiding and driving the implementation of a secured information assets handling.
The rules agreed upon (i.e. policies) would create the context in which the responsibility and accountability for handling the information are exercised and to establish and enforce the procedures within the company in order to comply with the regulations in place, to operate its business and deliver services.
In other words, Information Governance should also provide a structure to bridge the gaps created by areas of business left un-integrated and uncovered by the existing security procedures.