{"id":1462,"date":"2024-01-01T00:39:45","date_gmt":"2024-01-01T00:39:45","guid":{"rendered":"https:\/\/solutionsreview.com\/thought-leaders\/?p=1462"},"modified":"2024-02-02T14:40:25","modified_gmt":"2024-02-02T14:40:25","slug":"introduction-to-information-risk-management","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/","title":{"rendered":"Introduction to Information Risk Management"},"content":{"rendered":"<p>Organizations are increasingly embracing data governance tactics to address data quality and availability. However, the growing dependence on a wide array of data sources (of which many originate outside the administrative control of the organization) exposes several vulnerabilities associated with what I refer to as \u201cinformation risk.\u201d In this post, I introduce the concept of information risk as well as recommend the need for establishing an information risk management program to understand data vulnerabilities and mitigate information risk.<\/p>\n<p>According to Wikipedia there are<a href=\"https:\/\/en.wikipedia.org\/wiki\/Risk\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" class=\"external\">\u00a0several definitions of risk<\/a>, including \u201cthe potential for uncontrolled loss of something of value,\u201d and \u201c(Exposure to) the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility.\u201d Using this definition, \u201cinformation risk\u201d would be the potential for loss of value due to issues associated with managing information.<\/p>\n<p>Exposure to any kind of risk affects the way that a business operates. There are operational affects, impacting corporate ability to execute due to data availability or accessibility issues. There could be numerous financial impacts, such as increased operational costs, decreased revenues, other financial losses associated with execution failures caused by flawed data. There is certainly the potential for reputation damage that can lead to decreased confidence and loss of customers associated with processes impacted by data issues. Information issues can lead to losses associated with fraud, waste, and abuse, as well as disrupting business continuity. \u00a0Data issues affecting regulatory non-compliance can lead to penalties and necessary remediation activities.<\/p>\n<p>Most organizations implement some kind of risk management program to understand and identify any threats of quantifiable damage, injury, loss, liability, or other negative occurrence that may be avoided through preemptive action.<\/p>\n<p>The same should be said for information risk. In most cases, organizations conflate the concept of information risk and data protection. But information risk comprises so much more, including:<\/p>\n<ul>\n<li>Exposure of any type of sensitive information,<\/li>\n<li>Compliance with a broad array of regulations and laws,<\/li>\n<li>Loss of accessibility to needed information,<\/li>\n<li>Nonobservance of data retention and disposition directives,<\/li>\n<li>Decreased corporate agility, or<\/li>\n<li>Delays in decision-making.<\/li>\n<\/ul>\n<p>Organizations need a framework for understanding, assessing, identifying, and mitigating information risks, such as the one that we call data policy governance. Directives that impose constraints on information production and use form the basis for defining data policies that operationally govern all aspects of information management, and the objective of this framework is to surface and clearly defined data policies and then institute processes and technologies for their operationalization. The benefits of data policy governance include:<\/p>\n<ul>\n<li><strong>Simplifying reporting<\/strong>: Auditable processes for data asset assessment and classification simplifies compliance reporting.<\/li>\n<li><strong>Building trust<\/strong>: Demonstrating auditable processes for protecting personal and private data builds trust with your customers.<\/li>\n<li><strong>Automating monitoring<\/strong>: Discrete specifications of data sensitivity enable automated application of data protection policies.<\/li>\n<li><strong>Reducing exposure<\/strong>: Knowledge of the data landscape improves ability to apply data protection applications (such as encryption and masking).<\/li>\n<li><strong>Data awareness<\/strong>: Knowledge in the \u201chidden\u201d areas of the data landscape provide insight into corporate operations and business opportunities.<\/li>\n<\/ul>\n<p>Information risk management consists of four phases:<\/p>\n<ul>\n<li><strong>Information risk assessment<\/strong>, which engaged stakeholders are interviewed to review business uses of identify the most critical risks related to information management and use. Data directives (such as data privacy laws or industry standards) are reviewed to identify the sources of data policies.<\/li>\n<li><strong>Data policy specification and prioritization<\/strong>, in which specific operational data policies are distilled out of the data directives and are prioritized in relation to the business impacts.<\/li>\n<li><strong>Data policy strategy<\/strong>, in which we draft a technology stack and accompanying process architecture to ensure implementation such that data policy compliance can be continuously monitored.<\/li>\n<li><strong>Data policy governance<\/strong>, where the technology and process architectures are implemented and put into production.<\/li>\n<\/ul>\n<p>Organizational leaders must acknowledge the need for information risk management. In my upcoming posts I will provide additional details about how we have helped our clients assess data vulnerabilities and mitigate information risks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Organizations are increasingly embracing data governance tactics to address data quality and availability. However, the growing dependence on a wide array of data sources (of which many originate outside the administrative control of the organization) exposes several vulnerabilities associated with what I refer to as \u201cinformation risk.\u201d In this post, I introduce the concept of [&hellip;]<\/p>\n","protected":false},"author":441,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[11],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Introduction to Information Risk Management - Solutions Review Thought Leaders<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Introduction to Information Risk Management - Solutions Review Thought Leaders\" \/>\n<meta property=\"og:description\" content=\"Organizations are increasingly embracing data governance tactics to address data quality and availability. However, the growing dependence on a wide array of data sources (of which many originate outside the administrative control of the organization) exposes several vulnerabilities associated with what I refer to as \u201cinformation risk.\u201d In this post, I introduce the concept of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Solutions Review Thought Leaders\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-01T00:39:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-02T14:40:25+00:00\" \/>\n<meta name=\"author\" content=\"David Loshin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@davidloshin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Loshin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/\",\"url\":\"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/\",\"name\":\"Introduction to Information Risk Management - Solutions Review Thought Leaders\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/#website\"},\"datePublished\":\"2024-01-01T00:39:45+00:00\",\"dateModified\":\"2024-02-02T14:40:25+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/#\/schema\/person\/a77d82d0f67b9e08808d48b31d9bc786\"},\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/thought-leaders\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Introduction to Information Risk Management\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/#website\",\"url\":\"https:\/\/solutionsreview.com\/thought-leaders\/\",\"name\":\"Solutions Review Thought Leaders\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/thought-leaders\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/#\/schema\/person\/a77d82d0f67b9e08808d48b31d9bc786\",\"name\":\"David Loshin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/thought-leaders\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4477fe35d87edece227287c8e83abb5f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4477fe35d87edece227287c8e83abb5f?s=96&d=mm&r=g\",\"caption\":\"David Loshin\"},\"description\":\"Recognized worldwide as an information management thought leader, David has popularized best practices for business intelligence, data governance, performance computing, master data management, predictive analytics, and data quality. David is a monthly columnist for TechTarget and frequently presents at The Data Warehousing Institute World Conferences, Enterprise Data World, the Data Governance and Information Quality conferences, and web-based seminars.\",\"sameAs\":[\"https:\/\/www.knowledge-integrity.com\/\",\"www.linkedin.com\/in\/david-loshin-4a961\/\",\"https:\/\/x.com\/davidloshin\"],\"url\":\"https:\/\/solutionsreview.com\/thought-leaders\/author\/david-loshin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Introduction to Information Risk Management - Solutions Review Thought Leaders","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Introduction to Information Risk Management - Solutions Review Thought Leaders","og_description":"Organizations are increasingly embracing data governance tactics to address data quality and availability. However, the growing dependence on a wide array of data sources (of which many originate outside the administrative control of the organization) exposes several vulnerabilities associated with what I refer to as \u201cinformation risk.\u201d In this post, I introduce the concept of [&hellip;]","og_url":"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/","og_site_name":"Solutions Review Thought Leaders","article_published_time":"2024-01-01T00:39:45+00:00","article_modified_time":"2024-02-02T14:40:25+00:00","author":"David Loshin","twitter_card":"summary_large_image","twitter_creator":"@davidloshin","twitter_misc":{"Written by":"David Loshin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/","url":"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/","name":"Introduction to Information Risk Management - Solutions Review Thought Leaders","isPartOf":{"@id":"https:\/\/solutionsreview.com\/thought-leaders\/#website"},"datePublished":"2024-01-01T00:39:45+00:00","dateModified":"2024-02-02T14:40:25+00:00","author":{"@id":"https:\/\/solutionsreview.com\/thought-leaders\/#\/schema\/person\/a77d82d0f67b9e08808d48b31d9bc786"},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/thought-leaders\/introduction-to-information-risk-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/thought-leaders\/"},{"@type":"ListItem","position":2,"name":"Introduction to Information Risk Management"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/thought-leaders\/#website","url":"https:\/\/solutionsreview.com\/thought-leaders\/","name":"Solutions Review Thought Leaders","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/thought-leaders\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/thought-leaders\/#\/schema\/person\/a77d82d0f67b9e08808d48b31d9bc786","name":"David Loshin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/thought-leaders\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4477fe35d87edece227287c8e83abb5f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4477fe35d87edece227287c8e83abb5f?s=96&d=mm&r=g","caption":"David Loshin"},"description":"Recognized worldwide as an information management thought leader, David has popularized best practices for business intelligence, data governance, performance computing, master data management, predictive analytics, and data quality. David is a monthly columnist for TechTarget and frequently presents at The Data Warehousing Institute World Conferences, Enterprise Data World, the Data Governance and Information Quality conferences, and web-based seminars.","sameAs":["https:\/\/www.knowledge-integrity.com\/","www.linkedin.com\/in\/david-loshin-4a961\/","https:\/\/x.com\/davidloshin"],"url":"https:\/\/solutionsreview.com\/thought-leaders\/author\/david-loshin\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/posts\/1462"}],"collection":[{"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/users\/441"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/comments?post=1462"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/posts\/1462\/revisions"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/media?parent=1462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/categories?post=1462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/thought-leaders\/wp-json\/wp\/v2\/tags?post=1462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}