Michael D. Moberly December 11, 2008
Analogy – If I find a hole in my company’s proprietary information fence, the job of information security is to patch the hole. The job of an information asset protection specialist is, in addition to helping patch the hole, to determine…
1. What caused the hole in the fence to develop in the first place and were there precipitating factors and/or precursors…?
2. Under what circumstances was the hole in the fence discovered…?
3. Who knew the hole in the fence existed before it was discovered, but did not report it…?
4. How long the hole in the fence existed before it was discovered…?
5. What information assets got through the hole in the fence before it was discovered and patched…?
6. Is there evidence that the information assets that got through the hole in the fence before it was discovered and patched were specifically targeted or randomly selected…?
7. How much (economic) impairment – hemorrhaging of value, materiality, competitive advantage, brand, image, goodwill, IP ownership, trade secrecy and/or strategic planning, etc. – occurred as a result of the hole in the fence…?
8. Is it known who the recipients were of the information assets that got through the hole in the fence before it was discovered and patched…?
9. How will the recipients likely use – exploit the information assets against the company…?
The responsibilities of information (security) asset protection specialists are now cross-functional and converge with those of risk management, HR, IT security, intellectual property counsel, audits, valuation, R&D, business units, brand integrity, etc. The objective is to collaborate with each to sustain (protect, preserve) control, use, ownership, and value of a company’s information assets. (The above analogy was adapted by Michael D. Moberly from a March 2007 speech made by Joel Brenner, Director, Office of National Counterintelligence Executive (ONCIX), to the American Bar Association in Washington, D.C.)