This blog’s goal is to answer the question “what policies should my organization adopt to handle the information in our control, and what’s the best way to create and implement those policies?”
Another way of putting it: this blog is about “what do I do with my stuff?” for business information.
As stated elsewhere on this site, as organizations get larger, and especially when organizations are in high risk or heavily regulated industries, answering this question has huge financial consequences.
The heroes and villains of this blog will almost always be forms of technology, with occasional cameos by human foibles, like the tendency of most people to forget little details (such as where they put certain files) and the habit some people have of taking things that don’t belong to them (like company data).
First things first. In the beginning, before one makes decisions or imposes rules about one’s information, one must know something about it. The two most basic types of information about information are metadata and content. Metadata means things like who authored a document, when it was created and modified, what type of file is it, who has had access to it, etc. Content means the “about” of the document, which is typically needs to be described using language rather than numbers or dates, like a summary or categorization of what’s in a document. Content is often characterized by how documents are similar to, or duplications of, other documents.
So assuming you have access to your company’s information and can obtain access to both metadata and content information about your company’s information – these two huge assumptions will be the subjects of future blog posts – one can get busy with policies.
For example, if one were to establish a company policy of “email attachments over 1GB in size will not be accepted” – perhaps too many large attachments would choke a company network bandwidth or email servers – only a single piece of metadata about each attachment is required: the file size. A more elaborate email policy might delve into the content of email attachments, prohibiting attachments that are offensive (like explicit photos) or illegal (like bootlegged audio, video, or software). Or a policy might involve both metadata and content, perhaps placing restrictions on transmissions of company confidential information as identified by metadata, for example documents created by certain people, and by content, for example documents containing descriptions of confidential product design specifications.
In subsequent blog entries I will be examining technologies which help assess and process information based on both content and metadata, particularly clustering (sorting) technology for content, and visualization technology (particularly graphical visualization) for metadata.