Information Security

by Andy Taylor

Introduction

In a world increasingly dominated by information, we all create, process, store and destroy information on a very regular and increasingly frequent basis. Some of the information is important (bank account details, children’s birthdays, salary), while other pieces of information have transitory use and value – a bus time, today’s code for access to a car park or the cost of a taxi fare. The very nature of the varied uses of information means we will inevitably need to look after some pieces of information more carefully and for longer periods than others. But get this wrong – lose or forget something vital – and serious problems can ensue. In the UK the number issued at age 16 by the government as the national insurance number is with you for life and is critical for personal identification reasons. Losing that vital piece of information can thus be a serious matter.

If information gets into the wrong hands, this can also prove disastrous. Give a thief your bank account details, either by accident or as a result of a crime or deception, and serious issues can ensue. Not many years ago the only place where work information was held was in the office, usually behind a locked office door. Now, we expect to have information available to us wherever we are, in hotels, at home, even on the move in trains, buses and even planes. As the amount of information grows and the availability of that information increases, taking care of it becomes ever more important. This is the world of information security.

This section should give you a good understanding of information security, the reasons for it and the basic measures that should be taken. Naturally, as in any business discipline, there are many areas of specialism within the world of information security and you will not get specialist information here about the use, for example, of cryptography. If that is perceived as the solution to a problem in your business, then you will need to engage the services of a specialist. What this section should help you do is to decide what the right sort of solution for your specific business problems might look like once you have gone through a process of determining the following:

  • The valuable information assets of your organisation
  • The risks to them
  • The impact of each of those risks occurring.

The correct solution may or may not be within your direct grasp, but at least you will be able to talk sensibly to experts and specialists about your specific needs and gain their assistance in dealing with your issues.