Michael D. Moberly October 10, 2012
Information asset protection programs (for companies) should be constructed to withstand the inevitable consequences of ‘category five hurricanes or Richter scale 5+ earthquakes’!
The proper starting point for achieving this level of sustainable protection is to be alert to anecdotal accountings that provide important glimpses into new techniques, methodologies, and perhaps most important of all, the players. However, to ensure that the asset protection policies and practices address and mitigate specific and growing number of challenges, risks, and threats, I strongly urge practitioners to take the time to become well versed in the most current and objective findings of social science research. Too me, anything less is reckless.
But, perhaps worse, being unreceptive or unwilling to integrate relevant research( findings) in an enterprise-wide information asset protection program can be uncannily apparent to both insiders and outsiders, serving as a global beacon, of sorts, to economic – competitive advantage adversaries that vulnerabilities exist, they can be targeted, they can breached, and assets compromised with a high probability of success.
That readers, conveys the level of sophistication which many adversaries have already achieved and regularly hone to stay well ahead of their respective, all be it, illegal curve!
Readers’ who elect to construe these characterizations as over dramatizations, would not only be mistaken, but it likely suggests they’re simply not current about the risks/threats posed by increasingly (ultra) sophisticated and organized groups of state sponsored, independent actors, and a host of legacy free global (economic – competitive advantage) adversaries, each functioning quite effectively, efficiently, and profitably in the increasingly predatorial and winner–take-all global business transaction environment.
Integral to achieving this defensible level of information asset protection is understanding that today, 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, future wealth creation, and overall sustainability lie in – evolve directly from an array of intangible assets, most of which are outgrowths of internally developed intellectual, structural, and relationship capital and intellectual properties.
In far too many instances, however, I observe information asset protection practitioners and programs that appear to have been constructed using quite conventional ‘infosec’ frameworks…
- designed to address subjective, anecdotal, or one-off types of (information asset) threats, risks, or events, or
- based on pre-conceived and outmoded notions of who the adversaries’ are, their origins, motives, MO’s, and beneficiaries (recipients) of any misappropriated (information, intangible) assets, or
- that are country (adversary) specific.
So, in many instances, what such initiatives don’t do, or, do poorly, is to distinguish – focus information (intangible) asset protection resources on specific and/or bundles of intangible assets which…
- elevate company or project value by delivering sources of revenue, competitive advantage, market position, reputation, and
- serve as ‘building blocks’ for (company) growth, future wealth creation, and sustainability.
For the remainder of 2012, and for the foreseeable future, intangible assets are, I am confident, the focal points (targets) of global economic – competitive advantage adversaries and economic espionage. Why?, because it’s the intellectual, relationship, and structural capital (know how) they’re after!
C-suites, including CSO’s, CIPO’s, CTO’s, CRO’s, and CFO’s would be well served to acknowledge the above by distinguishing their company’s intangible assets on the basis of where their company’s value, sources of revenue, competitive advantages, and ‘building blocks’ for growth and sustainability lie, i.e., the…
- Objective value the assets deliver relative to being directly linked to business operations and continuity, i.e., legal, financial, etc.
- Subjective value the assets deliver, i.e., that which flows from the nature and/or context of the assets, i.e., customer lists, pricing lists, relationship capital, strategic planning, new product launches, etc.
Equally essential to constructing effective information (intangible) asset safeguards is recognizing that intangibles are now, more than anytime previous time in business governance history, routine components to any/all business transactions.
Business realities dictate then, knowing precisely which intangible-information/knowledge-based assets carry the greatest value and competitive advantage, will be on most every adversary’s ‘shopping list’.
For these reasons, I recommend information (intangible) asset protection measures be framed around this key principle…the immediacy and criticality of adverse (economic, market, competitive advantage) impacts should specific risks-threats materialize.
Integral to this principle, is understanding key methodologies for valuing information-based (intangible) assets, i.e., based on their…
Fair Market Value – the price which property (ala intangible-information assets) would exchange hands between a willing buyer and a willing seller with neither being under any compulsion to buy or sell and with both having reasonable knowledge of the relevant facts regarding the assets.
- However – in instances in which an insider acquires and sells information assets to an information broker, business intelligence operative, competitor, or foreign agent without knowing the ultimate end user, ‘fair market value’ is merely a euphemism for the highest price.
Value-in-Exchange – Considers the actions of buyers, sellers, and/or investors. It implies the value at which, in this instance, intangible (information-based) assets would sell (legitimately) if offered – became available on a piecemeal or compartmentalized basis.
- However – proprietary information, trade secrets, or other forms of intellectual property sought and illegally acquired by an insider are likely to have multiple and/or standalone elements of value, i.e., a formula, plus the process to operationalize that formula.
Value-in-Use – The value of a unit of proprietary information and/or trade secret that produces on-going contributory value to an enterprise.
- However – the information asset that is sought and acquired is integral to a company’s business operations and is necessary to sustain company value, sources of revenue, market share, competitive advantages, reputation, etc., i.e., Coca-Cola syrup recipe.
Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or firstname.lastname@example.org