Conference Proceedings

An information-centric approach to data security in organizations

Atif Ahmad, AB Tobias Ruighaver, WT Teo

TENCON 2005 - 2005 IEEE REGION 10 CONFERENCE, VOLS 1-5 | IEEE | Published : 2006


Many organizations focus on a computing-centric approach to information security whilst neglecting the security of information on paper and amongst personnel. This paper presents a model that is both media-independent and information-centric, allowing organizations to pursue an integrated methodology towards analysing risks and providing information protection across all types of media. Using this model to map information flows within business and knowledge processes will quickly show that it will be almost impossible to control all risks, but the resulting detailed risk profile may enable the organization to explore alternative processes with lower risks.