Michael D. Moberly May 22, 2012
1. Information asset safeguards must be designed for rapid maneuverability to reflect changes in asset value and/or risk! Most information asset safeguards and risk mitigation initiatives are one dimensional. That is they tend to remain constant or static throughout the life, value, and functionality cycle of the specific asset(s) being protected regardless of changes in those assets’ contributory value to current or future company projects or risk.
Exacerbating this, is today’s aggressively competitive and predatorial global business (transaction) environment, in which the value and relevance (useful life cycle) of information-based (intangible) assets are becoming increasingly compressed relative to their linkage and/or contribution to specific (company) tasks, processes, or operations.
It’s prudent then, for the design and implementation of business information (intangible) asset safeguards to incorporate the capability of being maneuverable, i.e., to increase or decrease the level of protection to reflect fluctuations in, not only an assets’ value and relevance, but asset risks, threats, and vulnerabilities.
2. Avoid ‘pushing the future off the table’! Each day companies are presented with an assortment of urgent, near term risks, threats, and challenges which are often translated as pressure to push the future off the table. One consequence of ‘pushing the future off the table’ is that if a company lacks a strong culture of strategic thinking and planning, disproportionate attention will likely be directed to the inevitable chorus of sources, both internal and external, who offer, in my view, largely speculative, worst-case scenario, and/or snap-shots-in-time assessments of risks and threats to business information assets and/or systems.
While the potentially devastating consequences of these pronouncements should never be dismissed, seldom should they serve as the primary rationale or driver for the design and execution of business information asset safeguards without additional and thorough research. Instead, adopting capability and value-based strategies represents a more forward looking, efficient, and holistic approach for safeguarding ‘company critical’ information assets than narrowly focused, time-bound, and anecdotal assessments of risks and threats.
3. Foster relationships! Any initiative to safeguard a company’s information assets, in my view, must include capabilities to sustain control, use, ownership, and monitor value and materiality (of the assets). To achieve the desired level of success, any such initiative must also include fostering collaborative (internal and stakeholder) relationships. This can occur by ensuring the assets’ originators, developers, users, and owners have been properly and effectively engaged at the outset as the impetus for assuming some level of ownership for the initiatives success.
Unfortunately however, one reason some company’s tend not to be this inclusive insofar as fostering collaborative relationships for safeguarding information assets, evolves from the misperception that computer/IT system security equates with, or worse, overshadows information asset security. This is often rooted in the misconception that all valuable (company) information exists solely in electronic ‘bits and bytes’ and is safely stored in stationary servers, back-up sites, or ‘clouds’.
Make no mistake, computer/IT security is absolutely critical to every company, particularly as target specific and/or large scale cyber-attack risks are rapidly becoming a much dreaded and potentially devastating norm. But still, in my view, computer/IT security would be better understood as complimenting, rather than dominating, company strategies and initiatives to safeguard valuable and proprietary knowhow-based (intangible) assets.
While visiting my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) . Should you find particular topics of interest or relevant to your circumstance, I would welcome your inquiry at 314-440-3593 or firstname.lastname@example.org