The Strongroom

How to Classify and Identify What Data is Most Valuable to Your Business

22 November 2016

Security

Information has always been at the heart of commerce and it’s always needed protection. From Coca-Cola's recipe and KFC's secret herbs and spices, to blueprints for inventions, patents and even security codes, keeping it safe has always been a prime concern.

In the last twenty years the importance of data and information security has grown because of three important changes:

  1. The volume of information being produced on different devices, whether fixed or mobile,

  2. The increasing amount of sharing, transferring and collaboration of this information, and;

  3. The ever-increasing sophistication of cyber-security.

 
All businesses have three main types of data;

  1. Personal data or Personally Identifiable Information (PII): This could identify a person, distinguish one person from another or be used together with other information to identify someone. Types of information included are addresses, birth date, IRD number, medical records, license plate, biometric information etc.

  2. Intellectual Property (IP): This is the ideas, innovations and creations developed by a business and its people, and owned by the business. IP ranges from patentable inventions and creative such as brand, logos and identity to sales, marketing and new product plans, and customer and supplier information. IP is used to obtain an economic and competitive advantage and should be legally protected by mechanisms including: patents, copyright, industrial design rights and trademarks.

  3. Financial information: This is any information related to commercial activity with the potential for the greatest loss when combined with personal information. This includes: bank account and credit card numbers, loan and investment information, payroll, non-salary information such as expenses, pensions etc.

Each of these data types has three intrinsic values;

  1. Confidentiality: refers to protecting information from being seen or used by unauthorised people or other organisations eg: a competitor.

  2. Integrity: relates to protecting information from unauthorised changes such as modifications to an agreement clause.

  3. Availability: refers to making sure the right people can access the right information at the right time - if this doesn’t happen the information has no value.

Every business will have varying degrees of value within each data type, and working out what is critical to the business and needs to be protected, versus what is not, is key to focusing your information security efforts, and identifying a framework that suits your business.

For example, in a power company, personal data of their customers (almost everyone in the general population) could essentially be found in the yellow pages. However, the business' intellectual property is highly sensitive - imagine if the computer mainframe that controls the supply of power to the entire population was maliciously attacked and breached: a disaster; socially and financially.

The trick is to understand what data is most valuable to your business, and put a value on it to help you begin to take steps to protecting it.

Our next blog will take a look at the different types of security frameworks available to protect the information used in the day-to-day operations of the business.

Make sense of the new world order. Join us on LinkedIn for news and views that will keep you at the leading edge of cyber security.

Join the Strongroom
Join The Strongroom and get a regular round-up of news and views to keep you up to date with the fast moving world of cyber security.