- Business: Businesses go through various
processes in their creation, growth, shrinkage, through mergers and
acquisitions, bankruptcies, and dissolutions. Protection has to be
effective across all of these processes protecting th appropriate things
and meeting the proper duties at each phase. This is an executive
security management function and relates to due diligence.
- People: People also have lives and a wide
range of life cycle information informs and effects the protection
process. For example, insurance and health related information
protection requirements differ for the minor children of employees
covered under health care plans. These have to be properly accounted
for and this is a management function as well.
- Systems: System life cycles tend to be
shorter than those of people and as a result, they are typically handled
at a technical level as part of the technical security architecture.
- Data: Data life cycles start with the collection of that data and continue through its ultimate disposal and destruction. Different requirements apply over time and based on the regulatory and other duties associated with the specific data in context.
Life cycles are commonly neglected in the analysis of security and form critical elements of protection effectiveness.
For more details and in-depth coverage of these issues, buy the Governance Guidebook.
This was first published in January 2006