Ethical hacking (see my last post) is not the only security term I dislike. In fact, I’m against the use of any labels that confuse ordinary people, especially when they supersede existing ones that are perfectly sound. Information assurance, for example, struck me as a particularly poor replacement term for information security in the public sector. It’s a bland term whose meaning no uninitiated person could possibly be expected to guess. It brings to mind life assurance. It could pass for a quality or audit requirement. But you’d never imagine it was a euphemism for security. And it’s far from compelling, sounding more like an optional checking process of some kind, rather than an essential countermeasure.
New labels spring up regularly. Many disappear without trace. Information guardianship, for example, seemed quite fashionable last year. It failed to take off. Sometimes, however, a new term works. Privacy is a good example. Data protection never really caught the imagination of ordinary managers. It doesn’t resonate, nor does it sound compelling. In fact, from a compliance perspective, there’s not a lot of difference between the two terms. But in terms of perception, there’s a whole world of difference.
This year’s hot term is information governance. It’s not new. It’s been used in healthcare circles for more than a decade. But it’s a term whose time has come. Propelled by the fear of large-scale security breaches, organizations with large databases of sensitive citizen information must be seen to be raising their game. Security is not enough. It also demands better information management, stricter data quality, tougher compliance processes and a more appropriate security culture.
Information governance is an easily grasped term that demands high-level leadership. It’s also a banner that has the potential to unite our management of the long-isolated silos of security and data management. The UK parliamentary-industry group Eurim is currently working hard to develop the foundations of this important subject area, through no fewer than five work streams mapping out the subject. Their recommendations could form a compelling bandwagon for a revolution in how both government and industry view the management and security of information. Expect to hear a lot more about information governance.