The real intent of a company’s information security policy (practices, procedures) is to ensure it reflects the real objective, that is, to sustain (protect, preserve) control, use, ownership, and value of its intangible assets!
Intangible asset assessments should not rigidly adhere to any preconceived or generic templats, rather an assessment should include protocols that are sufficiently flexible to reflect a company’s nuanced circumstances and formats in which its intangibles’ exist.
Conventional (stand alone) business asset valuations may be irrelevant insofar as providing decision makers with the necessary insight and perspective to more effectively utilize and leverage asset value.
Trying to ‘contain’ a company’s intangible assets following a disaster, absent an effective continuity-contingency plan that fully addresses intangibles, is comparable to the title of former U.S. Senator Trent Lott’s book ‘Herding Cats’.
Managing, stewarding, and monitoring a company’s intangible assets are not passive ‘I’ll do it when I have time’ functions, or tasks that can be delegated to the uninitiated who lack the requisite ‘fire in the belly’ understanding that 75+% of company value lies in intangible assets!
One of Dr. Deming’s ‘seven deadly diseases of management’ is ‘running a company on visible assets’ (alone). Was this Dr. Dennings’ reference to intangible assets?