Michael D. Moberly July 19, 2008
Information asset protection systems, policies, and practices should be flexible and maneuverable to reflect value changes, functional cycles, relevance, and/or obsolescence (of information assets) which are common in today’s nanosecond, go fast, go hard, go global business (information, data) transaction environments.
Delivering the same-constant level(s) of protection to information assets regardless of changes in their value or contribution to a companies’ competitive advantages, brand, reputation, R&D project, etc., can be very inefficient. Today, information asset protection should be gradational (e.g., maneuverable, flexible) to provide the level of (asset) control, use, ownership, and value necessary to ensure companies’ can sustain unchallenged access to and the ability to fully utilize and extract value from their assets at will.
Maneuverability and flexibility (when applied to information asset protection) also means that systems and policies should be designed with the capability – capacity (intertwined with relevant employee attitude, awareness, alertness, and overall company culture) to make rapid, almost thermostatic types of adjustments, i.e., more – less protection as the value, relevance, function cycle, and/oor obsolescence climate warrants.
Respecting state and federal laws that mandate constant levels of protection to ensure privacy of personal data, many companies would be well served to periodically assess particular information assets’ contribution to (company) value, revenue, competitive advantages, reputation, brand integrity, etc., to determine if the same or an adjusted (higher, lower) level of protection resources are warranted? If-when adjustments are justified (based on value changes, functional cycles, relevance or obsolescence, etc.) newly freed up protection resources could be shifted to other information assets that are currently delivering greater value to the company and therefore warrant greater levels of (asset) protection.
It’s the interaction of value, demand, utilization, and to a lesser extent, risks and threats (to a companies’ information, knowledge-based assets) that should become the primary drivers for designing and allocating protection resources!
