The Case for: Including RIM in Information Security

[...]a closer look shows quite a bit of overlap with several Principles, the following being the three most significant ones. The chief information security officer (CISO) will certainly already be familiar with the need to: * Develop an information classification schema whereby information is labeled as public, internal, or confidential * Apply proportionate controls to protect sensitive data * Put in place auditable access controls, as well as logging and monitoring mechanisms to ensure proper protection is taking place The majority of security tools deployed in a given environment are dedicated to protecting sensitive data. Protecting against cyber threats, such as denial of service or distributed denial of service, is critical to maintaining system availability. [...]a RIM program brings knowledge of: * Data flow * Where sensitive data and systems sit in the organization * Who has access to what information * What data may contain personally identifiable information (PII) and be subject to additional regulation * Potential new repositories of information that lack sufficient protection, which is critical to a CISO determining where to deploy limited resources Secondly, RIM is able to act as a key partner by advising on retention rules, including for sensitive data across the organization. [...]RIM may have established processes that IS will be able to use as a model for creating or improving its own processes to become more efficient and save resources. By aligning with someone so important in the organizational structure, RIM professionals could have more opportunities to: * Articulate the importance...