The BCS has for a long time focused on protecting information, but primarily from a technical perspective. The society now recognises the need to look beyond the technology and to consider the process and human factors that affect information.
To address these issues, the BCS has established an Information Assurance Working Group, the aim of which is to encourage debate and to put information across in a way that is accessible to business managers and ordinary citizens.
Information assurance is about the protection of information, based around what we traditionally understand as information security. It has at its core the principles of confidentiality, integrity and availability. However, information assurance reaches beyond this and explicitly connects with the concerns of the organisation by embracing the broader disciplines of risk and business continuity management.
Charting a maturity curve from IT security to information assurance, we can see a progression from a period when the focus was primarily on securing IT equipment to a situation where electronic data is protected in a more dynamic way as it flows through the business.
Today, the value of information as a business asset has never been higher and for this reason we are moving towards the concept of information assurance as a management concern.
Information assurance is no longer a niche issue as we move into a business environment that demands the controlled sharing of information within and between organisations. It is also of importance to the ordinary citizen, who not only wants to protect their home PC but is worried about the protection of their personal details.
The first task of the BCS Information Assurance Working Group is to debate how to communicate information assurance risk to decision makers. Part of this revolves around whether end-users should be empowered to think about information assurance issues for themselves.
There is a tendency sometimes to treat end-users as children who need to be protected and, if this is the case, then it is unsurprising that they often fail to take responsibility for protecting information assets.
If we are going to empower end-users to act responsibly in the information assurance space, we have to engage with them and give them the education and training required to understand the issues.
● Debi Ashenden is a senior research fellow in information assurance at Cranfield University and chairman of the BCS Information Assurance Working Group.