The Five Information Value Questions

I recently posted about an internal security campaign that I initiated at Thales Australia and New Zealand (TANZ) to bring the value of information to the front of employees mind.

The issue I see is that while TANZ has a strong security culture, sometimes, during adhoc and unplanned collaboration such as internal instant message discussions, the internal mental alarms may not trigger, as other drivers, such as business milestones, are front of mind. 

Following the example of Rachael Falk and Mike Burgess who developed, while at Telstra, the five knows campaign for information protection, I recommend that the following five Information Value questions are asked when employees are sharing information both online and offline.  

?        What is the value of the information to you?

?        What is the value of the information to your business team?

?        What is the value of the information to the organisation?

?        What is the value of the information to our competitor?

?        What is the value of the information to the criminal element?

 Not all the questions are relevant every time information is shared, however if you are quickly running through the questions in your mind, this at least  ensures you’re giving yourself the best opportunity to consider all implications of information sharing.  

One thing I have found when asking these questions is that people have trouble defining the value in each of the contexts. This may be due to a point written about by Audrey Fenner in their paper on "Placing Value on Information" where it is stated: 

"Information has no value in itself; its value is derived from its understanding and subsequent application."

  and

"Society values only the product, or result, of information"

 To help people better determine value I have found applying the following context to each question helps derive a potential value decision.

What is the impact if the information is lost or made public?