Enterprises operate across business, people, system,
and data life cycles and proper handling of these life cycles is central
to effective protection of information value and utility.
Business: Businesses go through various
processes in their creation, growth, shrinkage, through mergers and
acquisitions, bankruptcies, and dissolutions. Protection has to be
effective across all of these processes protecting th appropriate things
and meeting the proper duties at each phase. This is an executive
security management function and relates to due diligence.
People: People also have lives and a wide
range of life cycle information informs and effects the protection
process. For example, insurance and health related information
protection requirements differ for the minor children of employees
covered under health care plans. These have to be properly accounted
for and this is a management function as well.
Systems: System life cycles tend to be
shorter than those of people and as a result, they are typically handled
at a technical level as part of the technical security architecture.
Data: Data life cycles start with the
collection of that data and continue through its ultimate disposal and
destruction. Different requirements apply over time and based on the
regulatory and other duties associated with the specific data in
Life cycles are commonly neglected in the analysis of
security and form critical elements of protection effectiveness.