Information is an organisational resource that needs to be managed, just like any other. It needs to be allowed to flow appropriately and effectively if its value is to be maximised and its potential to harm minimised.
Our second speaker at the NetIKX Information Risk Management workshop was Patricia (Pat) Bryant – a risk manager with experience of advocating the benefits of managing risks at a senior level in the public, private and third sectors.
Pat used the recent events at News Corp and Westminster to highlight some key lessons about managing information risk. Poor information management combined with alleged criminality has created financial problems for that organisation and raised political implications on three continents.
Key lessons from Pat’s presentation and the discussion that followed it:
- ‘Secrecy’ is the enemy of information security. If information is locked down, then it becomes siloed. Information lock-down creates a barrier which can lead the disaffected to believe that you have something to hide.
- It is possible to manage information boundaries, but organisations are not very good at it! Organisations should aim for information transparency within clear boundaries.
- Organisations should consider who is best placed to control and manage information flows.
- Similarly, communications are vital, and serious consideration should be given to who is the best person to deliver them!
- Your information should be concise and factual, and the person who communicates it should be trustworthy.
- Leaks tarnish people and organisations.
- Get your information right in the first place.
- Organisations should seek to move from ‘risk averse’ to ‘risk managed’.
- Has your organisation defined its ‘appetite for risk’? You should work within that framework.
- The watchwords should be ‘Clear, Concise, Accurate’.