CISO

Information Security Including Physical records

Invariably organization tends to give more importance towards implementation of various controls to protect the information assets in the electronic form

 

However in practicality, either the electronic record is preceded or succeeded by paper documents which hold critical data.  From the enterprise information security perspective it might leave a large gap, if these assets are not identified and process are built to protect the same.

 

In my experience, the first step towards implementation of control of paper based information asset is to put in a place an enterprise records management policy.  Policy must handle the following :

·        complete life cycle of records

·        Listing of information assets

·        Classification of assets

 

Once the organization implements the records management, it can do risk assessment of the assets on the basis of the classification.  Risk assessment would guide organization in building controls in various business process to protect the critical information asset of the organization.

Posted on 10/21/2010 at 12:34 AM Permalink | Share This Post | Comments (0) | Leave a Comment

Community Tags: Information Security, Risk Management
You must sign in to rate content.
(Unrated)

Comments

There are no comments yet for this post.

Leave a Comment

You must be logged in to post a comment.