Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Information veracity towards a secure information posture
Journal of Data Protection & Privacy,
2
(4),
298-310
(2019)
Abstract
The aim of this paper is to explore the various facets of information veracity, with the goal of unravelling the multiple permutations, methods and approaches for organisations striving to achieve their target level of compliance. Multiple sources of academic papers, commercial frameworks and related industry good practice are analysed to determine if common themes are exhibited. Through this research, four areas are consistently discussed. These areas are information and data regulation, information risk management, information and data governance, and finally information security standards and frameworks. Each of these four themes is then presented, covering the primary objectives related to information veracity. The importance of organisations having full knowledge of data regulations and laws, utilising enterprise-wide organisational knowledge to further strengthen their compliance posture, is highlighted. Information risks management requires the collaboration of numerous stakeholder groups, both business and technology, to ensure an appropriate risks posture is achieved. The role of an integrated organisational, technology and information governance operating model is emphasised as a key enabler to information veracity. Finally, the selection of appropriate, fit for purpose information security standards, frameworks and controls is discussed, with the key premise that re-use must prevail over in-house developed methods.
Keywords: data protection; data regulation; security; governance
The full article is available to subscribers to the journal.
Author's Biography
Clive Brindley holds a master’s degree in strategic IT management, as well as numerous industry certifications across security, governance and service management domains. A technology professional with over 25 years’ experience, he has delivered IT transformation and management solutions across a wide spectrum of business segments including defence and financial services. As technology head for a financial services provider, Clive was responsible for the development, implementation and monitoring of numerous hybrid IT capabilities (including various cloud solutions). In this role, he was exposed to the real-world challenges of aligning business objectives with technology goals, improving the organisation’s overall risk posture all while managing finite resources. This has allowed him to consider various practical approaches to improving information and data security, including continual compliance with various industry and country compliance requirements (Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR) etc.).
Ben Silverstone is a world leading researcher and commentator on the use of e-mail in organisations and the social issues associated with cybersecurity and IT. Dr Silverstone has a master’s degree in management and PhD in engineering as well as fellowships to the World Business Institute and the Royal Society of Arts. Dr Silverstone is currently the Programme Leader for Computing and Quantitative Business at Arden University in the UK, an institution that specialises in distance and blended programmes for 21st century learning.
