Large and small businesses alike, whether domestic, international, or multinational and regardless of service, product, or market, share in certain common assets.
BACKGROUND REVIEW: FOUR-FACTOR MODEL OF INFORMATION SECURITY
There are four valuable assets that all businesses share:
- People (employees and customers)
- Work processes
- Proprietary information
These four factors, or security fronts, are highly interdependently integrated: people in their work processes verify, validate, manage, and maintain “personal” and “business” information using business properties—both actual (computers) and virtual (e-business Web sites). This integrated interdependency across the four factors means that businesses must secure each factor in order to ultimately secure their business borders.
Conveniently, the Business Information Security Program (BISP) is universally applicable; that is, the methods and the exercises used to develop the Security Standards apply similarly to all types of businesses. The only difference businesses will experience in applying the BISP is the time required to complete each exercise: The greater the size and/or complexity of the company, the greater the time requirement. Nevertheless, even the largest and most complex business enterprise can afford the time required to secure its assets, beginning with the first front, the people.
People: The First Factor
The primary assets of every business are people: ...