The Business Model

Each "business" is unique in what it does, and yet businesses share some things with each other. For example, all businesses involve people and things.

Because most businesses deal in financial currency, this is certainly an important element of the business modeling process, but the value of most businesses is an order of magnitude or more higher than the inventory value of its assets. This difference is, in one form or another, the information value of the enterprise. Enterprises also value different things. For example, educational institutions are generally non-profit and their main output is graduating students with life-long knowledge that will help them live better and help society prosper. Military enterprises produce the force needed to help exert influence through direct application of power as well as the potential for force that deters conflicts and people and skill sets that benefit society as a whole, but they can also produce devastation and large-scale loss of life, liberty, health, and property.

Most businesses can be understood at some level in terms of:

These and other business functions can be codified in terms of business process diagrams and the elements of the processes diagrams can be associated with failure conditions producing losses as a function of the durations of the failures. Information technology and its role in supporting these business processes can be codified by indicating which processes that technology interacts with and how losses of integrity, availability, confidentiality, use control, and accountability can impact those processes. These then are the depictions of the business that help to understand information and information technology related risks from a business perspective.

For more details and in-depth coverage of these issues, download and read "Enterprise Information Protection"