The Issue:

Information protection is one of the core disciplines of Information
Stewardship, alongside business continuity, information lifecycle management,
data quality management, and compliance. The purpose of Information
Stewardship is to enhance the value of information and reduce the risk to
information within the context of the business value. In other words, Information
Protection is only relevant in the context of the broader value of information.

Maximizing information protection must always be balanced against
maximizing the business value of information. The business value of information
is derived from the processing, transformation, sharing and dissemination of
information – the very activities that create risk! It is crucial to look at
information protection as one axis in a broader picture of investment and
innovation decisions: you cannot focus only on maximizing information
protection (maximizing security). After all, the best way to maximize the
protection of information is to lock it up and throw away the key – which of
course means that the information is then no longer available to the business.
Being a good steward of the information requires using security to enable
business functions but to minimize the risk of them as far as necessary.

Read this Issue Paper: Not an End In Itself: Information Protection and Return on Risk [1]

This Issue Paper is available to registered users. Registration is free - please register for access.