Question

As a newly appointed IG team member, and as part of the new IG Strategic Plan, the IG Executive Sponsor has asked you to research Information Rights Management (IRM) technologies available that will aid the organization in automating its ability to restrict how the organizations e-documents are accessed, updated, forwarded, printed, etc. The sponsor has asked you to create a report for the group detailing the selected IRM technology in terms of its implementation, usage, features, capabilities, etc. along with an explanation of its value to the organization if implemented.

Answer 1

Answer-

Information Rights Management (IRM) technologies are to be used by every organization to protect private,sensitive and confidential information from unauthorized access. It can be done by the act of remote-controlling by the admin.

There are different types of information and documents which are spread within the organization: some of the documents must be editable by the specified users and some of the documents are to be given view-access only. Differentiating by the projects in which the employees are situated in: the read and write access should be given to project- specific documents likewise. The admin should have the access of monitoring every activity and must update the access permissions as soon as the work is done. (Eg: the employee shouldn't have any access of information once he/she has been released from a particular project in which they worked).

Similarly the sharing and updating also must be limited to a specific team in which they need to get the control for the necessary purpose. The important documents (softcopies) should always be prevented from copy-paste and edit operations.

Extra feature: Screenshot should also be prevented (Or alarming the admin by a trigger if this operation is performed by any of the employee in the organization).

Network access should only be given to the employees who have valid username and passwords in the portal. Sharing of passwords is not allowed. Disclosing of information is not to be allowed for any employee at any cost.

If this particular IRM strategy is used, there will be an enhanced level of security in which the employees have to abide by the rules and regulations set by the organization and the sensitive information is protected from unwanted access.