Information risk and security in business relationships
As the full title for February's security awareness module became unweildy, we adopted the working title "Securing business relationships". The ambiguity in that shortened version led me to ask myself: "What are we actually concerned about: securing relationships, securing business, or securing information?" Answering that rhetorical question turned out to be an interesting diversion from the slog of writing the materials. For what it's worth, I've done my best to recall the train of thought sparked by my little poser ... 1) Ours is an information security awareness service so naturally information security is our primary interest - our key concern. 2) Information security, in turn, comprises a suite of controls to mitigate unacceptable risks to information, hence we find ourselves increasingly referring to 'information risk and security' in the same breath.* 3) While the nature of the information content varies according to the type of relatio...