Identity Management Institute launched the Certified in Data Protection™ or CDP program to offer a comprehensive global information protection training and certification program which leverages international security standards and privacy laws to protect any data that needs protection anywhere whether it is personal data or business information residing inside or outside the information systems.
Information security or data protection professionals are often asked about the difference between "data" and "information" or "security" and "protection". This question appears to be challenging to answer at first for those who have not spent much time analyzing the topic and it gets even worse as one starts to Google looking for answers because of the contradictory search results.
Let's analyze some of the search results.
Data vs. Information
According to Identity Management Institute, data is a collection of facts, such as numbers, words, computer codes, and formulas in any form or shape that a business may decide to protect if their confidentiality, integrity, or availability is determined to be important for managing business risks.
In computing, data is information that has been translated into a form that is more convenient to move or process. In other words, when we compare data to information, data is raw and unorganized that needs to be processed. Data can also be something simple and seemingly random and useless until it is organized. But when data is processed, organized, structured or presented in a given context so as to make it useful, it is called information.
To complicate things even further, the information security industry considers privacy as a subset of data protection whereby data is referred to the consumer's personal information. However, if we want to correct our assumption about the definition of the word "data", here's the how Wikipedia defines data:
"Data is a set of values of qualitative or quantitative variables; restated, pieces of data are individual pieces of information. Data is measured, collected and reported, and analyzed, whereupon it can be visualized using graphs or images. Data as a general concept refers to the fact that some existing information or knowledge is represented or coded in some form suitable for better usage or processing."
And here's how Business 2 Community describes data:
In essence, data is raw. It has not been shaped, processed or interpreted. It is a series of 1s and zeros that humans would not be able to interpret. Data is ugly, disorganized, and unfriendly until it is beautiful, organized, and easy to understand.
In other words, data can be any value and in any format. Not just consumer's private information and not just in digital format. And, when it is organized into a useful piece of asset, it is called information.
Security vs. Protection
When we compare security to protection, this is what the Internet offers as explanation:
Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. Security provides "a form of protection where a separation is created between the assets and the threat." These separations are generically called "controls," and sometimes include changes to the asset or the threat.
In essence, security enables protection of assets which happens to be technical in nature due to the fact that data often resides and moves in a digital format.
Summary Difference Between Security and Protection
In conclusion, data is the complete set of unorganized bits of facts which may not be immediately useful to users but may be very valuable to computer pirates and data hostage takers. Big data about consumer's online activities and preferences is an example of unstructured data which can be very useful to businesses if management can find a cheap way to organize the data. Information is an organized yet limited subset of the data set.
Security may include technical tools to ensure protection from certain harm such as anti-virus software or firewalls, however, protection is more than just security and includes data life cycle management, processes, and access authorization.
In other words, Data includes the extracted information but information does not include all data elements. And, security is only one element which enables Protection of data. Therefore the term Data Protection is a more comprehensive term which is inclusive of all data elements and selective security measures.
Certified in Data Protection is the first registered data protection certification designed and administered by Identity Management Institute which addresses data protection risks with a global and comprehensive perspective.
Anyone concerned with the protection of personal or business data who would like to receive a comprehensive training which addresses all global data protection risks and be recognized as an expert in data protection must consider Certified in Data Protection as a recognized data protection certification.
The following Critical Risk Domains™ are based on international standards which form the basis for managing the Certified in Data Protection program: