
Information Governance

   

Added on 2022-11-28

Running head: INFORMATION GOVERNANCE

Table of Contents
1. Introduction
2. Proposal of Risk Management to enhance Operational and Environmental Security of the Company
2.1 Objective of the Risk Management
2.2 Identification of Information Assets
2.3 Risk Assessment
2.4 Risk Control
2.5 Business Continuity Planning
3. Staff Training and Security Considerations
3.1 Ethical, Legal and Regulatory Compliance
3.2 Data Protection Act
3.3 Data Breach Incidents
3.4 Suitable Framework for ensuring Prevention of Data Breaches
3.5 Ensuring Policy in place with Quarterly Review
3.6 Process of Company complying GDPR or Reporting to any Suspected Fraud Activity
4. Conclusion
References

1. Introduction
Information governance (IG) is the proper management of information within a company.
It focuses on the confidentiality, integrity and availability (CIA) of confidential data
under every circumstance and thereby provides guidance on data security (Tallon, Ramirez
and Short 2013). This report discusses an information governance program for a popular
national dating agency known as Private Match (PM). Its website matches people who are
looking for a partner with similar personalities and interests. The company has around 6
offices and has been expanding its business considerably. They had IT support teams for
every office, and currently they use their own server equipment for storing data. The
administrator of Private Match uses artificial intelligence algorithms that automatically
notify the client as soon as a match is found. The user can accept the match, reject it or
mark it as tentative for later review. With the help of AI, matching has been observed to
work better. Since customers provide personal data, it is important to put information
governance in place; it would help the company secure the confidentiality, integrity and
availability of that data. This report covers two main areas: risk management, and staff
training and security considerations.
2. Proposal of Risk Management to enhance Operational and Environmental Security of the Company
2.1 Objective of the Risk Management
Private Match requires risk management to enhance the operational and environmental
security of the organization (Smallwood 2014). The main objective of risk management is
to identify potential issues before they occur, so that risk-handling activities can be
planned and invoked to mitigate adverse effects on the achievement of objectives. The
administrator of PM would be able to detect, analyse and manage threats. Successful
detection mainly involves identifying the vulnerabilities and threats that could affect
the company's assets. Effective risk management involves proper risk identification
through the involvement and collaboration of all stakeholders. Strong leadership across
every stakeholder is required to establish an environment for open discussion and
disclosure of risks (Van Grembergen and De Haes 2018). Risk management has three
components, which are as follows:
i) Risk Identification: The first component is risk identification, in which the assets
in the inventory are identified and prioritized, and then the threats and risks are
identified and prioritized. For Private Match, the main assets include IT infrastructure,
servers, databases, software applications and software packages. Since the company deals
with customers' data, it evidently requires a high level of risk management so that data
is not lost under any circumstance.
ii) Risk Assessment: The second component of risk management is risk assessment, in
which the vulnerabilities associated with threats and assets are identified and the asset
exposure is identified and quantified (Caldicott 2013). The risk factors can then be
identified so that risk evaluation is possible in PM without much complexity.
iii) Risk Control: The final component of risk management is risk control. It is the
collection of methodologies through which organizations evaluate potential losses before
taking any action to reduce or eliminate the threats. PM needs to manage and control the
risks effectively so that it does not face any type of complexity.

2.2 Identification of Information Assets
Risk can be defined as the possibility of losing anything of value to a company, such as
assets or resources. An information asset is a body of knowledge that is organized and
managed as a single entity (Hagmann 2013). Like any other corporate asset, the
information assets of a company have financial value. This value increases in direct
relationship to the people who are able to make use of the information. Since any
information has a shorter life cycle, it tends to depreciate over time like several other
corporate assets. The speed at which information loses value depends mainly on the type
of information the asset represents and on how accurate the information remains over
time. In most companies, this information could not be utilized as a liability.
Information assets can be subdivided according to criteria that are not limited to
frequency of use or relative importance (Silic and Back 2013). The information assets of
PM are extremely important for the success of the company, and for improving future
revenue or reducing future expenses. The major information assets of PM are as follows:
i) Strategies: The first information asset of PM is its business strategies. The company
has developed unique business strategies to gain competitive advantage. These strategies,
objectives, goals and plans are required for improving the company's current position
within the existing market.
ii) Intellectual Properties: These are the second important information asset for
Private Match. Intellectual properties are valuable copyrights, patents, trademarks or
other information that is granted legal protection, such as trade dress (Wu, Straub and
Liang 2015). The software developed with AI algorithms is also included as IP.
iii) Trade Secrets: Trade secrets include methods, processes, formulas, designs,
techniques and procedures. Together they form another important information asset for PM
and are used for competitive advantage.
iv) Decision Support Tools: Another vital and distinctive information asset for PM is its
decision support tools. These are information tools and confidential data that are used
to improve business decisions.
v) Customer Data Documentation: This is yet another vital information asset for PM
(Von Solms and Van Niekerk 2013). Since the company deals with customers' data, it needs
to document customer data and preserve it to avoid any kind of data loss.
Information Assets             Criteria 1:   Criteria 2:     Criteria 3:     Weighted
                               Impact to     Impact to       Impact to       Score
                               Revenue       Profitability   Public Image
Criterion Weight (1 to 100)    30            40              30
Business Strategies            0.6           0.9             0.4             66
Intellectual Properties        0.8           0.8             0.7             77
Trade Secrets                  0.3           0.6             0.5             48
Decision Support Tools         0.7           0.9             0.6             75
Customer Data Documentation    1.0           1.0             1.0             100

Weighted Factor Analysis Worksheet
(Created by the Author in MS Word)
