The Sound of Sound Information Security

I like it when I stumble across examples of information management concepts.  While working on a podcast interview with William McKnight discussing his new book Information Management: Strategies for Gaining a Competitive Advantage with Data, I asked William for a song recommendation to play as background music while I read his bio during the opening segment of the podcast.

After William emailed me an Apple iTunes audio file for the song “Mother North” off of the 1996 album Nemesis Divina by Norwegian black metal band Satyricon, I ran into an issue when I attempted to play the song on my computer that provides two points about the information security aspects of information governance:

  • The need to establish a way to enforce information security so that only authorized users can access protected information.  In this case, the protected information is a song purchased from the Apple iTunes store, where purchases are associated with both an Apple ID and the computer used to purchase it.  This establishes an information security policy that is automatically enforced whenever the information is accessed.  If a security violation is detected, in this case by attempting to play the song on another computer, the policy prevents the unauthorized access.
  • Information security policies also have to allow for unexpected, but allowable, exceptions otherwise security becomes too restrictive and inconveniences the user.  In this case, Apple iTunes allows a song to be played on up to 5 computers associated with the Apple ID used to purchase it.  This is an excellent example of the need to combine portability and security by embedding a security policy as the information’s travel companion.  Apple does not just prevent you from playing the song, but offers the ability to prove you are authorized to play it on another computer by entering your Apple ID and password.

The goal of information security is to protect information assets against intrusion or inappropriate access.  Comprehensive security must not be limited to the system of origination but must travel with the information, especially as today’s mobile users need to access information from multiple devices.

Much like the hills are alive with the sound of music, make sure that your information governance policies are alive with the sound of sound information security, thus making your organization’s easily accessible while appropriately protected information assets music to your users’ ears.

Category: Information Governance
2 Comments »