Information Governance And Assurance

This comprehensive textbook discusses the legal, organizational and ethical aspects of information governance, assurance and security and their relevance to all aspects of information work. Information governance describes the activities and practices which have developed to control the use of information, including, but not limited to, practices mandated by law. In a world in which information is increasingly seen as a top-level asset, the safeguarding and management of information is of concern to everyone. From the researcher who is responsible for ethical practices in the gathering, analysis, and storage of data, to the reference librarian who must deliver unbiased information; from the records manager who must respond to information requests, to the administrator handling personnel files, this book with equip practitioners and students alike to implement good information governance practice in real-world situations. Key topics covered include: - Information as an asset - The laws and regulations - Data quality management - Dealing with threats - Security, risk management and business continuity - Frameworks, policies, ethics and how it all fits together. Readership: Fully supported by examples, discussion points and practical exercises, this is essential reading for everyone who needs to understand, implement and support information assurance policies and information governance structures. It will be particularly valuable for LIS students taking information management and information governance courses, and information professionals with an advisory or gatekeeping role in information governance within an organization.

Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organization of services and resources. In a world in which information is increasingly seen as a top-level asset, the safeguarding and management of information is of concern to everyone. Information governance is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements. Information governance should determine the balance point between two potentially divergent organizational goals: extracting value from information and reducing the potential risk of information. It provides a framework to ensure that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. Information assurance (IA) is the practice of protecting against and managing risk related to the use, storage and transmission of data and information systems. Information assurance processes typically ensure the following functions for data and associated information systems: Availability ensures information is ready for use by those that are allowed to access it and at a required level of performance. Information Governance and Assurance discusses the legal, organizational and ethical aspects of information governance and information security and their relevance to all aspects of information work. This book with equip practitioners and students alike to implement good information governance practice in realworld situations. This book will be of valuable resource for LIS students taking information management and information governance courses, information professionals with an advisory or gatekeeping role in information governance within an organization.

"This practical guidance was created for enterprises using or considering using cloud computing. It provides a governance and control framework based on COBIT 5 and an audit program using COBIT 5 for Assurance. This information can assist enterprises in assessing the potential value of cloud investments to determine whether the risk is within the acceptable level. In addition, it provides a list of publications and resources that can help determine if cloud computing is the appropriate solution for the data and processes being considered."--

Information Security in Healthcareis anessential guide for implementing a comprehensive information security management program in the modern healthcare environment. Combining the experience and insights of top healthcare IT managers and information security professionals, this book offers detailed coverage of myriad

The UK is committed to an ambitious vision in which electronic networks will create an Information Society and Knowledge Economy. Information and Communication Technologies (ICT) hold the potential to revitalise UK business, to spur economic growth and competitiveness, to revolutionise working practices and living environments as well as to transform government services and our democratic process. With the froth from the dot.com bubble out of the way, UK businesses are getting down to the serious task of harnessing ICT to make them more competitive. However, it is clear that electronic networks will only be exploited if trust and confidence can be assured. Today, cyber-crime and information security incidents are deterring consumers and imposing costs on businesses. Tomorrow, as organisations become more dependent upon networks, insecurity will be a business critical issue. The UK's corporate leaders are increasingly aware of the importance of managing information risk. Unfortunately, this awareness is not yet being translated into effective risk management and controls. Although almost half of UK companies suffered an information security breach in 2001, only one in 20 has achieved compliance with the international standard for information security management (1S017799). The gap between the business expectations being placed on electronic networks and the means by which senior management are managing the risks needs to be closed if our visions of the Information Society and Knowledge Economy are to be realised.

Information Security in Healthcare is an essential guide for implementing a comprehensive information security management program in the modern healthcare environment. Combining the experience and insights of top healthcare IT managers and information security professionals, this book offers detailed coverage of myriad

Information professionals have been paying more attention and putting a greater focus on privacy over cybersecurity. However, the number of both cybersecurity and privacy breach incidents are soaring, which indicates that cybersecurity risks are high and growing. Utilizing cybersecurity awareness training in organizations has been an effective tool to promote a cybersecurity-conscious culture, making individuals more cybersecurity-conscious as well. However, it is unknown if employees’ security behavior at work can be extended to their security behavior at home and personal life. On the one hand, information professionals need to inherit their role as data and information gatekeepers to safeguard data and information assets. On the other hand, information professionals can aid in enabling effective information access and dissemination of cybersecurity knowledge to make users conscious about the cybersecurity and privacy risks that are often hidden in the cyber universe. Cybersecurity for Information Professionals: Concepts and Applications introduces fundamental concepts in cybersecurity and addresses some of the challenges faced by information professionals, librarians, archivists, record managers, students, and professionals in related disciplines. This book is written especially for educators preparing courses in information security, cybersecurity, and the integration of privacy and cybersecurity. The chapters contained in this book present multiple and diverse perspectives from professionals in the field of cybersecurity. They cover such topics as: Information governance and cybersecurity User privacy and security online and the role of information professionals Cybersecurity and social media Healthcare regulations, threats, and their impact on cybersecurity A socio-technical perspective on mobile cybersecurity Cybersecurity in the software development life cycle Data security and privacy Above all, the book addresses the ongoing challenges of cybersecurity. In particular, it explains how information professionals can contribute to long-term workforce development by designing and leading cybersecurity awareness campaigns or cybersecurity hygiene programs to change people’s security behavior.