Information Security & Information Governance – how they work together
By Richard Kilpatrick - Information Technology & Services
Richard Kilpatrick is a highly experienced consultant in information technology, focusing on realistic data governance, security and privacy. Richard has led programs of work to discover and classify data across multiple business units, within banks, telcos, health and media. In this Information Governance ANZ article, he outlines the difference between Information Security and Information Governance, explaining why IG frameworks are essential for the successful orchestration of specialized security systems.
Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depends on the scope and maturity of the business function (usually the Security Department) applying the controls, or, depends on the specialization/focus of the team, such as Perimeter/Firewall or Identity Management. Each function tends to have a different perspective of information security, compared to other functions, due to their focused specialization.
A close parallel is the health profession. You see a GP doctor when unwell, and are referred to a specialist who knows much more than your GP about a particular field of expertise. I know that my GP would not want to perform open heart surgery at all. And equally, a heart specialist would not have up-to-date and practical knowledge of all areas of the body. Tinea treatment? – see somebody else please.
In other words, people specialize in a particular aspect of their work. You can’t be an expert in everything. People prioritize – for example, in busy times, a SysOp will not be as vigilant with security when their primary role is to keep the sales /finance system up and running for all users. This is exactly how Information Security Systems operate.
To read the rest of 'Information Security & Information Governance – how they work together' head over to the original article on Information Governance ANZ.