Information Risk Management
- jorge pinheiro

- Apr 17, 2022
Let's talk about information risk management. Information risk management is commonly mistaken for IT risk management. IT can be part of risk management, but it is not the same as information.

To understand information risk management, it is first necessary to understand what information quality is. An article by Beverly K. Kahn, Diane M. Strong, and Richard Y. Wang defined the dimensions of information quality. Although these can be criticised, they are an important contribution to the understanding of information quality.
Dimension | Definition |
Accessibility | the extent to which information is available, or easily or quickly retrievable |
Appropriate amount of information | the extent to which the volume of information is appropriate for the task at hand |
Believability | the extent to which information is regarded as true and credible |
Completeness | the extent to which information is not missing and is of sufficient breadth and depth for the task at hand |
Concise representation | the extent to which information is compactly represented |
Consistent representation | the extent to which information is presented in the same format |
Ease of manipulation | the extent to which information is easy to manipulate and apply to different tasks |
Free-of-error | the extent to which information is correct and reliable |
Interpretability | the extent to which information is in appropriate languages, symbols, and units, and the definitions are clear |
Objectivity | the extent to which information is unbiased, unprejudiced, and impartial |
Relevancy | the extent to which information is applicable and helpful for the task at hand |
Reputation | the extent to which information is highly regarded in terms of its source or content |
Security | the extent to which access to information is restricted appropriately to maintain its security and secure from theft |
Timeliness | the extent to which information is sufficiently up-to-date for the task at hand |
Understandability | the extent to which information is easily comprehended |
Value-added | the extent to which information is beneficial and provides advantages from its use |
These dimensions are important for information risk management. They are not all equally important, but all are worth keeping in mind. The dimensions closest to information risk management are accessibility, believability, completeness, consistent representation, ease of manipulation, free-of-error, interpretability, reputation, security, and timeliness. It is a mixture of IT and information content risk. Therefore, auditing a risk by evaluating IT does not capture information in its full extent. It evaluates what is easy to verify, but not the value that information adds to the organization.
Still under construction...
Beverly K. Kahn, Diane M. Strong, and Richard Y. Wang (2002). Information Quality Benchmarks: Product and Service Performance. Communications of the ACM, Vol. 45.




