5.6 Data, information and digital knowledge management
As well as the security of our systems, we also need to think about the security of the information we have, how we protect it and how we share it.
It is important to understand that data and information is not restricted to just documents, but it is content that is used in any system, asset or communication that exists digitally or physically.
Information is normally grouped into the following classifications: unclassified, internal, confidential. You should understand your responsibilities for how you handle information and data within these areas, which are part of the Information Classification Software for ISO 27001 [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] .
Unclassified | Internal only | Confidential |
---|---|---|
The information is not particularly valuable, nor is the organisation required to protect it. It can be accessed by anyone for any purpose, including release to the public or clients. It may include press releases, job vacancies, and so on. | The information has value internally and may have some value to competitors. It may be distributed freely to anyone within the organisation. It may include internal memos, employment data, contract information, and so on. | The information has significant value and there may be legal requirements for its protection. Access is limited to designated roles or tiers within the organisation. It may include intellectual property, customer payment details, long-term strategic planning, and so on. |
Information therefore has value: it is essential, then, that you understand digital knowledge management. Digital knowledge management is the process for identifying, capturing, organising, storing, and sharing digital information effectively so that it is easily accessible for all those who require access. The right metadata (data about the data) is also needed to enable computer-automated tools to access – or search – the assets.
In the video Nicola Askham, The Data Governance Coach, explains what is meant by data management, and the consideration for managing data.