The value of information needs to be appreciated while information security policies are being developed.
Delivering the keynote at the Gartner security conference in London on 'profitable information security policies', principal consultant David Watson claimed that reputation can pose a problem 'as it takes a long time to build and is easy to lose'.
He said that companies are 'delayed by information' as they are more critical with automated systems, and what is information worth and what is its value?
He said: “I get risks and opportunities, it is not just about technology tools or countermeasures, think about your risks – at what level does the board understand? Information is an asset and staff need to understand it.”
He cited an example of if a member of staff leaves and takes the database with them and uses it, for example if they leave a recruitment company and take client data to set up their own business, how can a business know if that data has been removed and what value do they place on it?
“There is a mismatch between the corporate environment and those who are stealing it. You can accept it or not, or spend money on doing something about it, said Watson.
“You can make information security policy profitability ethically in business and make sure when it is it is business driven.”