- People have to be dealt with in terms of their value in doing things and have to be paid in order to keep working.
Most businesses can be understood at some level in terms of:
- Sales, Market, Brand: Brand is a
reputational element of the information value of a business and
represents a critical factor in sales. Information protection failures
tend to harm brand, but claims of security rarely enhance brand
substantially. Brand is vital to generation of leads, sales, and ease
of success in business. Marketing and the markets that a business
operate in dictate to a large extent the aspects of information
protection that apply and the tolerance for risk and need for
protection. Sales are more directly related to income. All of these
also involve business processes that are key to success and failures in
these processes lead to anything from release of critical competitive
information like pricing or customer details to incorrect pricing to
inability to process orders. Any of these can be catastrophic to some
- Process, Work Flow, Results: Business
processes are critical to their survival and increasingly business they
are highly automated. Attacks on work flows can be highly destructive
and cause subtle effects like the ability for unauthorized individuals
to cause unauthorized changes to business processes, grant themselves
access or monies, disrupt operations, destroy logistics, and otherwise
disrupt business operations.
- Resources, Transforms, Value: Resources are transformed into value through
processes. For example, land is transformed into gold through
extraction processes while chemicals are transformed into medicines
through chemical processes and raw data is transformed into competitive
intelligence through analytical processes. These processes are
fundamental to how many businesses operate and failures in theses
processes lead to failures in the ability of the enterprise to produce
- Supply, Inventory, Transport: Many enterprises take supplies of some sort and move
them from place to place in order to produce value. Wholesalers and
retailers move supplies from suppliers through warehouses and
storefronts into consumers or customers while many companies have
internal logistics processes that support their operations in one way or
another. Disruptions in the supply and logistics process can cause
anything from military campaigns to businesses to fall apart.
- AR/AP, Collections, Write-offs: With the exception of purely cash businesses,
all businesses have accounts payable and receivable, collection
processes, and write-offs. These processes are critical to cash flow
and business operations as well as profitability and customer relations.
Failures in these processes can cause businesses to lose the confidence
of their customers, to offend customers, to be stolen from in large
quantity, and to be unable to meet payroll or other obligations and go
bankrupt. Other elements of the financial systems of businesses are
also important in much the same way and are subject to malicious attack
for their direct financial value.
Infrastructure is used in conjunction with services and applications to
meet the desires and needs of users. The value of the infrastructure
comes in the utility of the services provided to users. If
infrastructures or the services they support fail, the harm is in
reduction of business utility. These servicees also support content
that may have inherent value, lose value with exposure or time, or
otherwise be affected by failures in protection. At the same time
the utility is dictated by the ability to use these services.
- Cost, Shrinkage, Collapse: Costs and changes in costs and cost structure, shrinkage (loss and theft of inventory), and ultimately collapse of markets or businesses effect enterprises in a wide range of ways.
For more details and in-depth coverage of these issues, buy the Governance Guidebook.
This was first published in January 2006