·
Data vs. Information vs. Knowledge vs. Wisdom
Get some value out of these 1's and 0's.
Teams mix these four up constantly. Then cyber owns "the data" while nobody owns the decisions that data was supposed to support.
Rough ladder:
- Data - raw bits. Bricks in a pile.
- Information - data with context. A house built from those bricks.
- Knowledge - knowing what the house is for and how it fails.
- Wisdom - deciding what to build next, and what not to.
In security terms:
- Data sits on disks and in APIs. Little value alone. Usually a cyber / technical protection problem.
- Information is what the business actually uses - a customer record with meaning, a contract, a risk register entry.
- Knowledge is experience applied to that information - how we handled the last breach, which process breaks under pressure.
- Wisdom is judgment over time - which risks to accept, which products not to launch, when to kill a vendor.
Data and information are assets you can point at. Knowledge and wisdom live in people and culture until you write them down.
That split matters for ownership. Protecting bits is cybersecurity. Protecting information - who can see it, why it exists, what happens if it leaks - is information security. I wrote more in Information Security vs. Cyber Security vs. Privacy.
This week: map where your important information lives (not just the databases), name an owner for each pile, and check whether backups and access reviews cover that map - not only the servers.
Related
- Information Security vs. Cyber Security vs. Privacy for why cybersecurity protects data but infosec protects information