Information management The term \'information management\' is used ambiguously in the literatures of several fields: in computer science and its applications it is used as a synonym for information technology management or as identical to \'data management\', where the emphasis is on the structures underlying quantitative data and their relationship to the design of databases. In business or management studies it has similar connotations to technology management, with an emphasis on the relationship of information technology to business performance and competitiveness. In the field of librarianship and information science it is identified with the \'emerging market\' for information workers (managers), whose perception of information embraces data, organizational intelligence, competitive intelligence, external information resources of all kinds and the associated technology (manual or machine) for handling these different sources. Compared with the other areas, information management in this latter context is more widely concerned with the meaning of information for the information user and with information retrieval issues. Education for information management The state of education for information management is as diverse as the basis for its definitions. In the UK, the Departments and Schools of Librarianship and Information Science (LIS) have introduced information management options and, in some cases, new degree programmes in the field, and have made a strong bid within their institutions to be the lead departments in this new area. However, there is competition from the business schools (where the focus still tends to be on the strategic role of information technology and on the consequences of that role for the management of IT) and from computer science departments, which, in the early 1990s, felt the effect of declining demand for their courses and which, in consequence, have sought to broaden the basis for attracting students by offering courses in business information systems and information management. Attempts to define the information management curriculum have been limited, but Wilson (1989b) analysed the contents of key journals in the field and found the following categories: While the attention given to each of these elements seems likely to differ, they do seem to constitute the general core of information management and, indeed, those departments of library and information studies in the UK that have created information management programmes have produced different mixes of the elements depending upon the existing strengths of the teaching staff. Since the first edition of this text, the situation has changed little: a study by Maceviçiute and Wilson (2002) found: The situation in the USA is similar and appears to have changed little since Lytle (1988) noted that confusion existed over the educational base for information management and claimed that: \'The reason for the confusion is not curriculum overlap or battles in .

1. Information management
The term 'information management' is used ambiguously in the literatures of several fields: in
computer science and its applications it is used as a synonym for information technology
management or as identical to 'data management', where the emphasis is on the structures
underlying quantitative data and their relationship to the design of databases. In business or
management studies it has similar connotations to technology management, with an emphasis on
the relationship of information technology to business performance and competitiveness. In the
field of librarianship and information science it is identified with the 'emerging market' for
information workers (managers), whose perception of information embraces data, organizational
intelligence, competitive intelligence, external information resources of all kinds and the
associated technology (manual or machine) for handling these different sources. Compared with
the other areas, information management in this latter context is more widely concerned with the
meaning of information for the information user and with information retrieval issues.
Education for information management
The state of education for information management is as diverse as the basis for its definitions.
In the UK, the Departments and Schools of Librarianship and Information Science (LIS) have
introduced information management options and, in some cases, new degree programmes in the
field, and have made a strong bid within their institutions to be the lead departments in this new
area. However, there is competition from the business schools (where the focus still tends to be
on the strategic role of information technology and on the consequences of that role for the
management of IT) and from computer science departments, which, in the early 1990s, felt the
effect of declining demand for their courses and which, in consequence, have sought to broaden
the basis for attracting students by offering courses in business information systems and
information management.
Attempts to define the information management curriculum have been limited, but Wilson
(1989b) analysed the contents of key journals in the field and found the following categories:
While the attention given to each of these elements seems likely to differ, they do seem to
constitute the general core of information management and, indeed, those departments of library
and information studies in the UK that have created information management programmes have
produced different mixes of the elements depending upon the existing strengths of the teaching
staff. Since the first edition of this text, the situation has changed little: a study by Maceviçiute
and Wilson (2002) found:
The situation in the USA is similar and appears to have changed little since Lytle (1988) noted
that confusion existed over the educational base for information management and claimed that:
'The reason for the confusion is not curriculum overlap or battles in academia for the latest

2. degree programme. The primary problem is confusion concerning what qualities and skills are
required for IRM positions, whether these positions have IRM, MIS, or other titles.'
Information Security and assurance:
Information Assurance concerns itself with implementing measures focused at protection and
safeguarding of critical information and relevant information systems by assuring the integrity,
availability, authentication, confidentiality and non-repudiation. The measures also provides for
restoring information systems after an attack by putting in place proper protection, detection and
reaction abilities.
Information Security deals with protecting information and information systems from
illegitimate access, usage, revelation, alteration, disruption and destruction to achieve the
objectives of data integrity, availability and confidentiality.
Information Assurance is more strategy focused which implies that the emphasis is more on
tactical deployment of security policies rather than building up of security infrastructures and
designing of protective applications. Information Security, on the other hand is tools and tactics
focused implying that the development of strategic security software and infrastructure is
stressed upon to bolster the overall protection of information system.
Information Assurance specifies the ways to manage and protect critical information more
effectively. Information Security, on the contrary deals with technology and operations to put
together an effective mechanism to better plug the loopholes in the system. The stress is on risk
management by adopting an adaptive and proactive approach in Information Assurance, whereas
Information Security bothers about mitigating the risks involved by technically evolving
architecture and systems to tackle system vulnerabilities.
Information Assurance is broad-based i.e. it is related to risk assessment and management on an
organizational level such as conducting security audits, ensuring compliance to security policies
etc. Information Security is concerned with strategic development and deployment of security
applications and infrastructures like anti-virus programs, encryption services, firewalls, VPNS,
Pen testing, vulnerability analysis etc.
The eventual aim of both the practices is to maintain the integrity of data i.e. guard against
unauthorized modification or destruction of information and ensure data authenticity and non-
repudiation. This will pave the way for timely and reliable access to data while maintaining its
confidentiality.
Strategies and planning element of information security:
The security strategies might be:
1) to increase monitoring of external connections. This will mitigate some risk associated with
increasing the connectivity.
2) to increase the security “hardening” of all customer facing systems.

3. 3) to provide redundancy for critical production system components to improve availability of
services.
Information governance:
Information governance, or IG, is the set of multi-disciplinary structures, policies, procedures,
processes and controls implemented to manage information at an enterprise level, supporting an
organization's immediate and future regulatory, legal, risk, environmental and operational
requirements. Information governance should determine the balance point between two
potentially divergent organizational goals: extracting value from information and reducing the
potential risk of information. Information governance reduces organizational risk in the fields of
compliance, operational transparency, and reducing expenditures associated with e-discovery
and litigation response. An organization can establish a consistent and logical framework for
employees to handle data through their information governance policies and procedures. These
policies guide proper behavior regarding how organizations and their employees handle
electronically stored information .
Information governance encompasses more than traditional records management. It incorporates
information security and protection, compliance, data governance, electronic discovery, risk
management, privacy, data storage and archiving, knowledge management, business operations
and management, audit, analytics, IT management, master data management, enterprise
architecture, business intelligence, big data, data science, and finance.
characteristics of effective security governance. These include:
Solution
Information management
The term 'information management' is used ambiguously in the literatures of several fields: in
computer science and its applications it is used as a synonym for information technology
management or as identical to 'data management', where the emphasis is on the structures
underlying quantitative data and their relationship to the design of databases. In business or
management studies it has similar connotations to technology management, with an emphasis on
the relationship of information technology to business performance and competitiveness. In the
field of librarianship and information science it is identified with the 'emerging market' for
information workers (managers), whose perception of information embraces data, organizational
intelligence, competitive intelligence, external information resources of all kinds and the
associated technology (manual or machine) for handling these different sources. Compared with
the other areas, information management in this latter context is more widely concerned with the
meaning of information for the information user and with information retrieval issues.

4. Education for information management
The state of education for information management is as diverse as the basis for its definitions.
In the UK, the Departments and Schools of Librarianship and Information Science (LIS) have
introduced information management options and, in some cases, new degree programmes in the
field, and have made a strong bid within their institutions to be the lead departments in this new
area. However, there is competition from the business schools (where the focus still tends to be
on the strategic role of information technology and on the consequences of that role for the
management of IT) and from computer science departments, which, in the early 1990s, felt the
effect of declining demand for their courses and which, in consequence, have sought to broaden
the basis for attracting students by offering courses in business information systems and
information management.
Attempts to define the information management curriculum have been limited, but Wilson
(1989b) analysed the contents of key journals in the field and found the following categories:
While the attention given to each of these elements seems likely to differ, they do seem to
constitute the general core of information management and, indeed, those departments of library
and information studies in the UK that have created information management programmes have
produced different mixes of the elements depending upon the existing strengths of the teaching
staff. Since the first edition of this text, the situation has changed little: a study by Maceviçiute
and Wilson (2002) found:
The situation in the USA is similar and appears to have changed little since Lytle (1988) noted
that confusion existed over the educational base for information management and claimed that:
'The reason for the confusion is not curriculum overlap or battles in academia for the latest
degree programme. The primary problem is confusion concerning what qualities and skills are
required for IRM positions, whether these positions have IRM, MIS, or other titles.'
Information Security and assurance:
Information Assurance concerns itself with implementing measures focused at protection and
safeguarding of critical information and relevant information systems by assuring the integrity,
availability, authentication, confidentiality and non-repudiation. The measures also provides for
restoring information systems after an attack by putting in place proper protection, detection and
reaction abilities.
Information Security deals with protecting information and information systems from
illegitimate access, usage, revelation, alteration, disruption and destruction to achieve the
objectives of data integrity, availability and confidentiality.
Information Assurance is more strategy focused which implies that the emphasis is more on
tactical deployment of security policies rather than building up of security infrastructures and
designing of protective applications. Information Security, on the other hand is tools and tactics

5. focused implying that the development of strategic security software and infrastructure is
stressed upon to bolster the overall protection of information system.
Information Assurance specifies the ways to manage and protect critical information more
effectively. Information Security, on the contrary deals with technology and operations to put
together an effective mechanism to better plug the loopholes in the system. The stress is on risk
management by adopting an adaptive and proactive approach in Information Assurance, whereas
Information Security bothers about mitigating the risks involved by technically evolving
architecture and systems to tackle system vulnerabilities.
Information Assurance is broad-based i.e. it is related to risk assessment and management on an
organizational level such as conducting security audits, ensuring compliance to security policies
etc. Information Security is concerned with strategic development and deployment of security
applications and infrastructures like anti-virus programs, encryption services, firewalls, VPNS,
Pen testing, vulnerability analysis etc.
The eventual aim of both the practices is to maintain the integrity of data i.e. guard against
unauthorized modification or destruction of information and ensure data authenticity and non-
repudiation. This will pave the way for timely and reliable access to data while maintaining its
confidentiality.
Strategies and planning element of information security:
The security strategies might be:
1) to increase monitoring of external connections. This will mitigate some risk associated with
increasing the connectivity.
2) to increase the security “hardening” of all customer facing systems.
3) to provide redundancy for critical production system components to improve availability of
services.
Information governance:
Information governance, or IG, is the set of multi-disciplinary structures, policies, procedures,
processes and controls implemented to manage information at an enterprise level, supporting an
organization's immediate and future regulatory, legal, risk, environmental and operational
requirements. Information governance should determine the balance point between two
potentially divergent organizational goals: extracting value from information and reducing the
potential risk of information. Information governance reduces organizational risk in the fields of
compliance, operational transparency, and reducing expenditures associated with e-discovery
and litigation response. An organization can establish a consistent and logical framework for
employees to handle data through their information governance policies and procedures. These
policies guide proper behavior regarding how organizations and their employees handle
electronically stored information .

6. Information governance encompasses more than traditional records management. It incorporates
information security and protection, compliance, data governance, electronic discovery, risk
management, privacy, data storage and archiving, knowledge management, business operations
and management, audit, analytics, IT management, master data management, enterprise
architecture, business intelligence, big data, data science, and finance.
characteristics of effective security governance. These include: