The Business Model

Each "business" is unique in what it does, and yet businesses share some things with each other. For example, all businesses involve people and things.

• People have to be dealt with in terms of their value in doing things and have to be paid in order to keep working.
• Things have inherent value, are inventoried and tracked, and get bought, sold, lost, and stolen.

Most businesses can be understood at some level in terms of:

• Sales, Market, Brand: Brand is a reputational element of the information value of a business and represents a critical factor in sales. Information protection failures tend to harm brand, but claims of security rarely enhance brand substantially. Brand is vital to generation of leads, sales, and ease of success in business. Marketing and the markets that a business operate in dictate to a large extent the aspects of information protection that apply and the tolerance for risk and need for protection. Sales are more directly related to income. All of these also involve business processes that are key to success and failures in these processes lead to anything from release of critical competitive information like pricing or customer details to incorrect pricing to inability to process orders. Any of these can be catastrophic to some businesses.

• Process, Work Flow, Results: Business processes are critical to their survival and increasingly business they are highly automated. Attacks on work flows can be highly destructive and cause subtle effects like the ability for unauthorized individuals to cause unauthorized changes to business processes, grant themselves access or monies, disrupt operations, destroy logistics, and otherwise disrupt business operations.

• Resources, Transforms, Value: Resources are transformed into value through processes. For example, land is transformed into gold through extraction processes while chemicals are transformed into medicines through chemical processes and raw data is transformed into competitive intelligence through analytical processes. These processes are fundamental to how many businesses operate and failures in theses processes lead to failures in the ability of the enterprise to produce value.

• Supply, Inventory, Transport: Many enterprises take supplies of some sort and move them from place to place in order to produce value. Wholesalers and retailers move supplies from suppliers through warehouses and storefronts into consumers or customers while many companies have internal logistics processes that support their operations in one way or another. Disruptions in the supply and logistics process can cause anything from military campaigns to businesses to fall apart.

• AR/AP, Collections, Write-offs: With the exception of purely cash businesses, all businesses have accounts payable and receivable, collection processes, and write-offs. These processes are critical to cash flow and business operations as well as profitability and customer relations. Failures in these processes can cause businesses to lose the confidence of their customers, to offend customers, to be stolen from in large quantity, and to be unable to meet payroll or other obligations and go bankrupt. Other elements of the financial systems of businesses are also important in much the same way and are subject to malicious attack for their direct financial value.

• Services: Infrastructure is used in conjunction with services and applications to meet the desires and needs of users. The value of the infrastructure comes in the utility of the services provided to users. If infrastructures or the services they support fail, the harm is in reduction of business utility. These servicees also support content that may have inherent value, lose value with exposure or time, or otherwise be affected by failures in protection. At the same time the utility is dictated by the ability to use these services.

• Cost, Shrinkage, Collapse: Costs and changes in costs and cost structure, shrinkage (loss and theft of inventory), and ultimately collapse of markets or businesses effect enterprises in a wide range of ways.

For more details and in-depth coverage of these issues, buy the Governance Guidebook.