Introduction to information risk

My name is Tom Seeler and I work for the Information Security Group doing information risk management. What this means in practice is that I work with people all across the university to help them identify risks to their information as a result of the work that they are doing. This can range from data they are gathering as part of a study or how to share files within their team, through to helping to understand the implications of providing a new service to office staff. Regardless of the specifics of the risk assessment, my first questions are usually “what is the information you are working with” and “where is it going”?

They’re deceptively simple questions but it can lead to some really interesting discussions. You can’t have actual control over your information if you can’t answer them, and you can’t work out how to protect yourself if you don’t know what you’re protecting. Just as important is when you arrive at an “I don’t know”; the first step to removing the confusion is to identify it.

It’s an interesting exercise to apply to the things you work with every day, whether it’s a private social media account or a document workflow at school or your job. Where exactly is valuable information being stored and, now that you’ve visualised it, are you comfortable with how it is protected. These are the basics of risk assessment and I will be going into more detail in my future posts, as well as offering what I hope will be useful and practical advice on reducing information risks.