Information veracity towards a secure information posture

The aim of this paper is to explore the various facets of information veracity, with the goal of unravelling the multiple permutations, methods and approaches for organisations striving to achieve their target level of compliance. Multiple sources of academic papers, commercial frameworks and related industry good practice are analysed to determine if common themes are exhibited. Through this research, four areas are consistently discussed. These areas are information and data regulation, information risk management, information and data governance, and finally information security standards and frameworks. Each of these four themes is then presented, covering the primary objectives related to information veracity. The importance of organisations having full knowledge of data regulations and laws, utilising enterprise-wide organisational knowledge to further strengthen their compliance posture, is highlighted. Information risks management requires the collaboration of numerous stakeholder groups, both business and technology, to ensure an appropriate risks posture is achieved. The role of an integrated organisational, technology and information governance operating model is emphasised as a key enabler to information veracity. Finally, the selection of appropriate, fit for purpose information security standards, frameworks and controls is discussed, with the key premise that re-use must prevail over in-house developed methods.