KAGE Data Protection Framework™


KAGE™ is an information security framework developed by Identity Management Institute to propose a simplified information protection process and roadmap to corporate executives and security professionals for developing an information protection plan.

The KAGE Data Protection Framework™ is so simple that its unique acronym makes it easy for management to remember the main objectives when building their data protection program.

For an information security program to be effective, there are 4 main focus areas which must be addressed. The KAGE acronym letters stand for Know, Articulate, Guide, and Enforce actions. The details of each area is described below:

Know – In order to implement an effective information protection strategy and program, security professionals must first know which information they want to protect and how. In order to achieve this goal, initial and periodic risk assessments must be performed to identify the information protection scope, threats and gaps in the information security controls. Then, based on data classification, professionals decide how to protect each data category that meets internal and external needs.

Articulate – Once the relevant security scope is established, policies and procedures are documented, and responsibilities are assigned, the information must be communicated to the appropriate staff and other parties to make sure everyone understands how the company intends to protect its information and how others in the company can contribute to achieve the overall data protection goals.

Guide – Often, employees who are assigned tasks to support the data protection program or can unknowingly introduce risks for the company must be provided periodic awareness and training to be guided in the right direction and be reminded of their responsibilities and capabilities for helping the company achieve its goals.

Enforce – Finally, the information protection program and its underlying polices and procedures must be enforced to be effective. Without monitoring and enforcement, violations may not be detected and management directives may be ignored.

The KAGE data protection framework includes many details however, the overall concept and the acronym is created to simplify the data protection process. Click below to visit the Certified in Data Protection page to register and become certified.