When securing information, intellectual property, data (hard and soft, paper and electronic; hereafter referred to as content) it’s first necessary to know what you have… and where.
Once you know what you have and where, it should be relatively simple to secure data. Note that I didn’t say “easy.” But in terms of simplicity, there’s a relatively flat qualifier – something very initial – to securing content that comes before anything else. Something comes prior to any associated system, and any hierarchy of control regarding such things as outside regulatory oversight, internal control, general stakeholder interest (that is, specific department oversight), and general principles of security.
Initially, any activity involving content requires looking through a security prism. Merely consider content’s “lay” (its location, its residency, its container, its present status, et al) vis-à-vis your upcoming, intended, action on that content.
The view through security’s prism must always generate this question:
Will my action on this content compromise, or possibly compromise, its protection, discretion and safety?
Of course, by extension we’re really talking about the organization’s protection, discretion and safety – as well as allied parties (clients, customers, partners, etc.). It’s essential to take a big picture view and make best consideration of all interests, involvements and relationships.
If your staff doesn’t know to take this view, doesn’t know to ask this question, then it doesn’t know how to handle and protect content. Simple.
You don’t know what you don’t know – ‘till you know it. Survey and account for data. Then~
Bring the associated system(s) of control to bear, ensure their effective use through training and ongoing awareness. Most breaches of content and exposures are due to human error. Ensure appropriate human awareness for treatment of content by reinforcing that look through the security prism.
Remember: Know what you have; know how to protect it.
NP: Thingamagig – The Mel Powell Trio – Original 1954 Vanguard LP.