Michael D. Moberly June 15, 2009
Information asset safeguards must be flexible and maneuverable! Most information asset safeguard initiatives are one dimensional. They tend to remain constant throughout the life – value cycles of the assets being protected and do not fluctuate with gradational (routine, periodic) changes in their value, relevance and/or currency to on-going or future company programs or projects. Exacerbating this, in today’s hyper-competitive and nanosecond global business environments, is the reality that the value and relevance of information assets, in general, is becoming increasingly compressed and short-lived relative to their support for and/or linkage-contribution to specific (company) tasks, processes, or operations. Therefore, business information asset safeguards must be sufficiently flexible and maneuverable to reflect fluctuations in, not only value and relevance, but also, risks, threats, and vulnerabilities as well.
Avoid ‘pushing the future off the table’! Each day company’s are presented with urgent, near term challenges that create pressure to push the future off the table. One consequence is that, lacking effective strategic planning, disproportionate weight is given to the persistant chorus of sources offering largely speculative and worst-case scenario snap shots about particular risks and threats to business information assets and/or information systems. While the potentially devastating consequences of these pronouncements should not be dismissed, neither should they serve as the exclusive rationale for the design and execution of business information asset safeguards. Instead, adopting capability and value-based strategies represents more forward looking, efficient, and holistic approaches for safeguarding valuable and (company) critical information than those sometimes narrowly focused and time-bound mini-risk/threat assessments.
Safeguarding business information assets should also be about fostering relationships! Any company initiative to sustain control, use, ownership and value of their business information assets must include efforts to foster positive relationships by engaging the originators, developers, users, and owners of that information. One reason for a company’s lack of emphasis on fostering such relationships is the perception that computer/IT system security equates with information asset security when, in fact, it does not! Computer/IT security, while critical to most every company, would best be characterized as complimenting, rather than dominating, strategies to safeguard company information assets.