Sat Aug 16 06:08:57 PDT 2014

Business modeling: Will an explicit business model be used to support information protection decision-making?


Options:

Option 1: An explicit business model will be used as the basis for making information protection decisions within the enterprise.
Option 2: Existing business models will be leveraged for information protection use.
Option 3: An implicit model will be used.

Decisions:

IF existing business models are available and suitable for information protection, THEN existing business models will be leveraged for information protection use.
OTHERWISE IF a maturity level of defined or higher will be achieved THEN an explicit business model will be used as the basis for making information protection decisions within the enterprise.
OTHERWISE an implicit model will be used.

Basis:

An explicit business model will be used as the basis for making information protection decisions within the enterprise.

Some sort of business model is needed to make rational business decisions about information protection. If the enterprise is to achieve a substantial maturity level, then it must build a business model or use an existing one.

Existing business models will be leveraged for information protection use.

While many enterprises model themselves in different ways, most such models are not suitable or available for information protection related modeling. But if they are, there is no reason to waste resources redoing what has already been done.

An implicit model will be used.

Even if no explicit model is used, individuals within the enterprise use their knowledge and a variety of tools, databases, personal knowledge, and other related things to model the business.

The notion of how the business works is fundamental to making decisions about information protection, because the information protection function supports the business by defining the utility of content and the needs and rationale for that utility. At a detailed level, this may be codified in terms of process diagrams and associated details such as timeliness requirements, business consequences of information and information technology failures of different sorts, internal and external interdependencies, and so forth. At a higher level it is divided into different common functions, such as sales, marketing, and brand, resources that get transformed and produce value, and so forth. These comprise the basic functions of the organization and the foundation for analysis of the value and import of its function or utility.

Copyright(c) Fred Cohen, 1988-2012 - All Rights Reserved