Enterprises operate across business, people, system, and data life cycles and proper handling of these life cycles is central to effective protection of information value and utility.
- Business: Businesses go through various processes in their creation, growth, shrinkage, through mergers and acquisitions, bankruptcies, and dissolutions. Protection has to be effective across all of these processes protecting th appropriate things and meeting the proper duties at each phase. This is an executive security management function and relates to due diligence.
- People: People also have lives and a wide range of life cycle information informs and effects the protection process. For example, insurance and health related information protection requirements differ for the minor children of employees covered under health care plans. These have to be properly accounted for and this is a management function as well.
- Systems: System life cycles tend to be shorter than those of people and as a result, they are typically handled at a technical level as part of the technical security architecture.
- Data: Data life cycles start with the collection of that data and continue through its ultimate disposal and destruction. Different requirements apply over time and based on the regulatory and other duties associated with the specific data in context.
Life cycles are commonly neglected in the analysis of security and form critical elements of protection effectiveness.
For more details and in-depth coverage of these issues, buy the Governance Guidebook.