Michael D. Moberly December 12, 2008
Information asset protection is not solely about recognizing and (subjectively) assessing risks and threats anymore. It’s also about recognizing and distinguishing the value of (targeted, high value. competitive advantage) information assets, which broadly speaking, fall into two categories:
– Objective value: Information assets that have objective value are often directly linked to business continuity, i.e., legal, financial, etc.
– Subjective value: Information assets that have subjective value tend to evolve-flow from their nature and/or context, i.e., customer lists, pricing lists, strategic planning documents, new product launches, etc.
Distinguishing informations assets’ subjective – objective value has relevance to the role of information asset protection specialists on two levels, i.e., by providing (1.) context/perspective for identifying what type of safeguards are necessary (suitable) and how to operationally segregate the safeguards, i.e., protection processes, technologies, practices, procedures, etc., and (2.) insight about the expected/anticipated immediacy and criticality of adverse impacts to a company should a particular risk/threat materialize, and/or (b.) information loss occur.
Information asset protection is also about understanding basic methodologies for valuing the information assets, i.e.,
Fair Market Value – The price which property (ala information assets) would exchange hands between a willing buyer and a willing seller with neither being under any compulsion to buy or sell and with both having reasonable knowledge of the relevant facts.
For example – in instances in which an insider acquires and sells information assets to an information broker, business intelligence operative, competitor, or foreign agent without knowing the ultimate end user, ‘fair market value’ is merely a euphenism for the highest price.
Value-in-Exchange – Considers the action of buyers, sellers, and investors and implies the value at which the asset (proprietary information, trade secret, etc.) would sell on a piecemeal – compartmentalized basis.
For example – the proprietary information/trade secret sought and acquired by the insider has multiple and/or stand alone elements of value, i.e., a formula, plus the process to operationalize that formula.
Value-in-Use – The value of a piece of proprietary information and/or trade secret that is an on-going contributory element to the business enterprise.
For example – the asset sought/acquired is integral to a company’s business operations and is necessary to sustain market share, competitive advantages, image, goodwill, etc., i.e., Coca-Cola syrup recipe.