Michael D. Moberly October 29, 2014 ‘A long form blog where attention span really matters’.
Computer/IT breaches breeding grounds for reputation risks…
Wisely, businesses are, for compliance, liability, and reputation reasons, quietly, but rather desperately seeking current and what they believe to be the most effective technologies and software to secure the data and information they produce, transmit, and store which has presumptively and legally been entrusted to their care and control.
Prompting and exacerbating these circumstances have been numerous, very public data breeches and thefts particularly those afflicting large retailers victimized by conglomerations of hackers who acquire untold numbers of personal identifiers and credit information.
Certainly no argument here when such adverse events/acts successfully target a business, in most instances they, quite correctly, produce very public outcry and oversight agency ridicule which, in many instances, rapidly manifests as reputation risk, which an unfortunately high percentage of c-suites and management teams appear to assume, can be just as rapidly stabilized or favorably reversed.
How such adverse events are conceptualized…
What I am proposing is that an unnecessarily high percentage of business leaders and management teams, including the IT/computer security software development community are inclined to conceptualize adverse events affecting data/information, and the economic, competitive advantage, and reputation challenges that follow, through a security vs. an asset value and safeguard lens.
Of all the seminars and product demonstrations I have attended over the span of 25+ years, I am hard pressed to recall any IT/computer security software developer, manufacturer, or vendor frame their products’ advantages in an asset (data, information) value and/or safeguard context.
Asset value can be characterized in many ways…
Asset value of course can be characterized in numerous contexts, aside from the conventional dollar guesstimates, e.g. its proprietary status, its sensitivity to its owner – holder, or its ‘contributory value’.
Efficiencies will accrue…
I am suggesting that efficiencies can accrue to data/information safeguards if IT/computer security…
- were designed to reflect data/information value vs. the ever changing and sophisticated risk – threat trends emanating from the global hacking and cyber warfare entities.
- software were designed to detect and differentiate information asset value fluctuations and materiality and reflect same in gradations of data/information security.
The efficiencies that would then accrue to IT security systems and companies in general, merely by not treating all data/information as if it had equal standing or its value was constant.
As always reader comments are most welcome!
