Almost every business relies on the confidentiality, integrity and availability of its data. Protecting information, whether it is held electronically or by other means, should be at the heart of the organisation’s security planning. The key questions to keep under constant review are:
- Who would want access to our information and how could they acquire it?
- How could they benefit from its use?
- Can they sell it, amend it or even prevent staff or customers from accessing it?
- How damaging would the loss of data be? What would be the effect on its operations?
CPNI provides a range of guidance documents and technical notes aimed at improving practices and raising awareness of current issues related to information security. The following sections set out this information in more detail.