Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Many information security groups are undermining data availability and security by incorrectly estimating the true value of their enterprise information assets, a new survey shows.
The Ponemon Institute conducted the survey on behalf of document security vendor DocAuthority. A total of 2,820 professionals from seven different functional areas — IT security, product and manufacturing, legal, market, IT, finance and accounting, and human resources — were asked to value 36 different information types on a per record basis. The information types included research and development documents, source code, customer records, merger and acquisition data, and personally identifiable information.