Information has value. That is why we need to protect it. But placing a value on information remains a hazy process, one that the accounting profession has not really come up to speed on. Yet knowing the specific value of information is a crucial determinant of how much protection it requires. In order to budget their limited information-security resources most effectively, organizations need to assess the value of the data they are protecting.
In the world of physical property and goods, levels of security are determined largely by the value of whatever is being protected. Banks don't put customer deposit slips in the vault. Not only would it be inconvenient; it isn't necessary. Cash, on the other hand, goes in the vault, save enough for the tellers' drawers. Security needs are prioritized.
Unfortunately, as Ed Ferrara of Forrester Research points out at SearchCIO, data security professionals, including CISOs, find themselves struggling to allocate security resources most effectively. Given limited budgets and sophisticated attackers – who know exectly what they want – protecting all data at the maximum level possible is impossible.
Some data – think customer accounts, or business strategy documents – need maximum protection. Other data, such as older, archived business plans, need less protection. But how do you determine what data needs what level of protection?
Businesses are slow to make use of the emerging insights provided by infonomics. According to Tucci, a common attitude is that "if accountants aren't recognizing information as a corporate asset, why should we?"
To which a bluntly honest answer is: What is the cost if that information is stolen, and shows up in a competitor's hands – or on the public Internet? Don't wait for the accounting profession to catch up. GRT Corporation can help you to assess the value of your datasets, and make sure that each has the level of protection it needs and deserves.