Information risk for KM professionals

Uploaded on

An overview of information risk for KM professionals including an analysis of techniques and key issues

An overview of information risk for KM professionals including an analysis of techniques and key issues

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • Thank you for the invitation and I hope to explore some views on myth and history of our knowledge nation ahead of a superb conference
  • Andrew Blum – Wiring the world Unseen networks of cables The arteries of the information society Hudson Street New York Across the globe, Halifax to Ireland West African cable system
  • Whilst we pursued a dream of the information society too little attention was paid to the threats and issues arising from a deluge of information and data Technological improvements allowed an economy to be created that became an abstraction of the real world Companies built information estates that seemed to grow endlessly facilitated by Moores Law and its promise of ever greater machine speeds The web enabled integration and collaboration on an unprecedented scale after the trials of the first dot com collapse in late 1990s But society and the information profession seemed dazzled by the postive diemsnion of risk; the innnovation, the improvements and the ideas. It did not consider that the unseen risk was about to cause a tsunami that would engulf every part of the information society in three waves
  • In a five-year period, these three tiny banks, which had never operated outside of Iceland, borrowed 120 billion dollars, ten times the size of Iceland's economy. …The bankers showered money on themselves, each other, and their friends”.
  • The vanguard is the leading part of an advancing military formation . It has a number of functions, including seeking out the enemy and securing ground in advance of the main force. The vanguard derives from the traditional division of a medieval army into three battles or wards ; the Van, the Main (or Middle), and Rear . 1 The term Vanguard originates with the medieval French avant-garde , i.e. the ward in front. The vanguard would lead the line of march and would deploy first on the field of battle, either in front of the other wards or to the right if they stood in line. The makeup of the vanguard of a fifteenth century Burgundian army is typical. This consisted of a contingent of foreriders, from whom a forward detachment of scouts was drawn, the main body of the vanguard, in which there traveled civil officials and trumpeters to carry messages and summon the surrender of towns and castles, and a body of workmen under the direction of the Master of Artillery whose job it was to clear obstacles which would obstruct the baggage and artillery traveling with the main army. 2 In an English force of the period , the foreriders of the vanguard would be accompanied by the harbingers, whose job was to locate lodgings for the army for the following night. 3
  • This is the definition of information governance that the Board have developed. It does not only apply to records however but to patient information that may or may not be held in clinical records
  • Governments are opening their databases Improves government transparency and exposes corruption Increases growth of data intensive service SME’s Enhances cross-government data use
  • A have a vice to admit...i love futurology Ian Pearson at BT is one of the most compelling bloggers out there However it is about as accurate as tea reading! There are still no commercially available jet packs and my tea does not come in pill form yet! On the evening of 5 April 2009, Luigi Guigno of L'Aquila in Italy was phoned by a sister terrified by tremors under their village. He told her not to worry. Government experts in "the forecasting and prevention of major risks" had just been on the news declaring there to be "no danger" of an earthquake. They need not go out into the street. A few hours later an earthquake struck and Luigi, his pregnant wife, their son and 300 others were crushed to death. This week a local judge jailed six of the scientists, not for failing to predict the quake but for giving what he regarded as reckless reassurances. He fined them £6m and disbarred them from public office. World scientists condemned the verdict as inquisitorial and medieval. Britain's Lord May said it ignored the basic nature of scientific inquiry. Luigi's relatives disagreed. A local official said simply: "Some scientists didn't do their job."
  • Prediction matters to people. If the variables are too great, science should shut up, rather than peddle spurious expertise. But you can wave a banknote in a pundit's face and he will predict anything you like. Of course, it is outrageous to jail scientists for honest errors, but it is not outrageous to hold them to some account. When did Lord May's Royal Society last inquire into a scientific scandal? Journalists, like bankers, are getting hell these days for their mistakes. Why let seismologists off the hook? Augmented reality (AR) is a live, direct or indirect, view of a physical, real-world environment whose elements are augmented by computer-generated sensory input such as sound, video, graphics or GPS data. It is related to a more general concept called mediated reality , in which a view of reality is modified (possibly even diminished rather than augmented) by a computer. As a result, the technology functions by enhancing one’s current perception of reality. 1 By contrast, virtual reality replaces the real world with a simulated one. 2 3 Augmentation is conventionally in real-time and in semantic context with environmental elements, such as sports scores on TV during a match. With the help of advanced AR technology (e.g. adding computer vision and object recognition ) the information about the surrounding real world of the user becomes interactive and digitally manipulable. Artificial information about the environment and its objects can be overlaid on the real world. 4 5 6 7
  • Thank you for the invitation and I hope to explore some views on myth and history of our knowledge nation ahead of a superb conference


  • 1. ‘Risk Management forInformationProfessionalsLoughborough University2013Robin Smith PCRM CISSP CIPP-E
  • 2. RISK
  • 3. The Risk Society• “Risk society is a term that emergedduring the 1980s to describe themanner in which modern societyorganizes in response to risk…Theterms popularity during the 1990swas both as a consequence of itslinks to trends in thinking aboutwider modernity, and also to itslinks to popular discourse, inparticular the growing environmentalconcerns during the period.[2]”
  • 4. The Risk Society• According to British sociologistAnthony Giddens, a risk society is"a society increasingly preoccupiedwith the future (and also withsafety), which generates the notionof risk,"[3] whilst the Germansociologist Ulrich Beck defines itas "a systematic way of dealing withhazards and insecurities induced andintroduced by modernisation itself(Beck 1992:21)".[1]
  • 5. New realities• Economic contraction• Failure of technology solutions• Compliance demands
  • 6. What is risk?► Probability or threat of adamage, injury, liability,loss, or other negativeoccurrence, caused byexternal or internalvulnerabilities, and whichmay be neutralized throughpre-mediated action.
  • 7. Defining IRMInformation risk management isInformation risk management isa discipline thata discipline thatidentifies, classifies,identifies, classifies,values, and controlsvalues, and controlsorganizational informationorganizational informationto manage risk andto manage risk andopportunity, therebyopportunity, therebyenhancing its value to theenhancing its value to theorganization.organization.
  • 8. IRM matrixOpportunity InnovationSecurity Responsibility
  • 9. Types of informationrisk• Strategic  – This type of information riskrelates to risks and threats to the strategicposition of an organisation, includingeconomic and legal threats and risks;• Operational – These relate to risks andthreats impacting the operation of anorganisation including capital limits orstaff skills shortages; and• Financial – Economic and capital threats areof primary concern and will include loss ofearnings, limited finances, fines or otherrelated financial issues.  
  • 10. Information risk andthreat assessment - IRTAThe content of IRTA should be specific to theorganisation but information professionals mightwant to consider;How uncertain is the operational environment for theorganisation?Are there upcoming legislative changes likely tocreate new or revised duties?What technology changes are imminent?What external audit requirements are forthcoming?
  • 11. Risk one. Information asassetInformation is comparable to money.It creates new value and benefitssociety only when invested andleveraged.
  • 12. Capitalisation of KDIM• Assess• Value• Authenticate• Monitor
  • 13. Risk two. Info-professionalsas vanguardInformation professionals modifyorganisationRaise literacy and discuss risk
  • 14. ‘Information governance describesthe structures, policies andpractices which are used to ensurethe confidentiality and securityof records of patients and serviceusers.What is informationgovernance?
  • 15. The most popularsearch engines,map services andemail servicesare freeBut Facebook andGoogle are notcharities!Risk three.“Free is theNew Black”
  • 16. IP and the AssuranceImperative• Loss of assets can threatencompany• Within NHS organisations nowfined £500000 for failure toprotect privacy
  • 17. IRM Principles•         Evidence-based – It is vital to baseinformation risk analysis and planning on clearresearch evidence;•         Consistency – Accuracy and integrity areprerequisites for information risk products todeliver a consistent service;•         Skills focussed – Only via competency andexperience will staff involved in planning be ableto spot and handle information risks expertly; and•         High quality – The characteristics ofinformation assets required to reduce risk willraise quality to the highest standards.
  • 18. Our Future(s)It took 100-120 yrs to build the globalwired telephone network.It took 10 yrs to build a correspondingglobal wireless phone networkIt took 2-3 years for social media tobecome a global phenomenonIn ten years time anything can be ineveryday use even if it has not beeninvented yet.Source; BT Futurology Unit 2011.
  • 19. The Future of Work• The future office will be increasingly mobile andflexible as companies swiftly assemble the resourcesnecessary to meet changing business needs.• Core teams will manage employees working from diverselocations — from home offices to temporary businessspaces to cafés.• A premium will be placed on staff members who possess acombination of technical and interpersonal skills, andcan adapt quickly to change.• Professionals who are able to create new products andservices and identify more efficient ways to work willbe among the most marketable as innovation continues todrive business.
  • 20. Key Skills• Policy making• Project management• Risk assessment and management• Privacy and security management• Technology implementation• Advisory and assurance role
  • 21. Fakefutures?Augmented realitybecomes everydayrealityMobile devices areforerunners, nextcarsTechnologicalbreakthroughs onother sciences
  • 22. Questions
  • 23. Contact;
  • 24. ‘Risk Management forInformationProfessionalsLoughborough University2013Robin Smith PCRM CISSP CIPP-E