U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

You Can't Secure It Unless You Can Manage It

NCJ Number
215935
Journal
Homeland Defense Journal Volume: 4 Issue: 8 Dated: August 2006 Pages: 32-34
Author(s)
David Smith
Date Published
August 2006
Length
3 pages
Annotation
This article discusses how Information Lifecycle Management (ILM) and Digital Rights Management (DRM) or Information Rights Management (IRM) can assist in the beginning steps to achieving the security of an information-centric enterprise.
Abstract
Information Lifecycle Management (ILM), to address the classification and consolidation of information, and Digital Rights Management (DRM) or Information Rights Management (IRM), whether targeted or enterprise-wide, are logical, necessary first steps to achieving the security of an information-centric endeavor. There are two words for the first step in how a public or private sector organization begins to manage its information technology (IT) assets in an information-centric way: classification and consolidation. The introduction of comprehensive ILM makes use of data classification that aligns how information is handled and stored with business requirements for its use. ILM is seen as a necessary foundation for information-centric security because managing information requires classification and control throughout the entire business information lifecycle. In addition to ILM, DRM, or IRM is a new discipline which was developed to plug the exposure risk gaps that affect intellectual proper use. The way DRM should work is that it will store encryption keys on a central server that can be called the policy server. The policy server authorizes the access or denial of information requests from all users, to all included documents. In the future, as the technology matures, DRM implementation should make automated, cost-effective enterprise-wide deployments more practical.