Traffic signs are designed to regulate the flow of traffic and prevent accidents from occurring. Posting these signs does not mean accidents will never happen; instead, such preventive measures reduce the chance of accidents occurring. Following these signs is done not only to protect a person from an accident, but also to comply with the laws created to deter people from causing accidents and harming others.
Information Risk Management (IRM) works in the same way as traffic signs. IRM is used as a preventive means to mitigate the risks associated with information. IRM pertains to every aspect of information, including the creation, use, management, security, privacy and destruction of organizational information. It also needs to be reviewed and followed by those in the fields of legal, information technology and security, policy, compliance, records management, interface and interaction design, UX, and others involved in areas where information risks are probable.
Just as traffic signs notify motorists of regulations, warn of potential hazards on or near the roadway, and provide needed guidance to destinations, so information risk managers notify organizations of legal and regulatory requirements, warn of potential data breach hazards beyond IT, and provide continual guidance and training to ensure an organization is following the right course to mitigate its information risks.
IRM does not always follow a simple course of action: sometimes industry standards, organizational policies and legal requirements clash, just as traffic signs can sometimes cause confusion and even contradict one another. Therefore, it is important to have information risk managers who are well-rounded in their knowledge and expertise.