THE VALUE & COST OF ASSETS
The costs of collecting and storing information are usually justified by a business case.
Creating added value from sharing information with those with a need to know is now widely promoted and in some cases mandated.
Sharing large collections of data creates an environment of significant risk: to the organisations that hold the data, and to the privacy and security of individuals.
The ubiquity of computer held data puts demands on organisations to assess the risks to the information they hold. Data at risk manifests itself in many forms; examples include:
- Inappropriate sharing of data by those without a "need to know"
- Accidental exposure of information that includes personal details
- Loss of laptop or memory stick
- Misuse, identity theft, fraud, providing information to competitors
Although the consequences of unmanaged risks are different across organisations, they can be identified and measured for severity of impact. e.g. A commonly used measure for UK government departments is the Business Impact Level. The Business Impact Level is used to determine what protective marking should be applied to an information asset.