The business world operates on information. Client files, payroll, operating procedures, formulas and more are today as always, part of the business’ assets. Moreover, most of these information assets are sensitive assets that should be accessed only by certain personnel. How can a business safely operate if they are not able to classify and identify their informational assets, never mind being able to protect them through a competitive intelligence plan?
Classifying information resources within a company is vital to determining a competitive intelligence protection strategy. Classification, as it relates to information, is about what Business Line the information belongs to, who has access to this information, and how sensitive these assets are. Knowing that is a crucial aspect to developing a defensive informational protection strategy.
At its simplest, a defensive informational protection strategy consists of identifying informational assets within the company. Classifying these informational assets as to sensitivity and location is important to protecting them. Then, using the correct tools and procedures to assure that this information is properly secured from threats comes next.
Information as an asset is not like financial assets that are locked away in a bank; it is a constantly flowing and changing data within the company itself, including its computer systems and resources.
A company must safeguard these valuable assets by identifying the underlying resources that process, store or transport them, and by establishing operating procedures to control access to these resources. Indeed, a defensive strategy must be in place to prevent unauthorized access and document alterations, to react in an appropriate manner to security threats and to develop crisis measures should these informational assets get compromised.
It is impossible to develop strategies for competitive intelligence if the groundwork of locating, classifying and protecting informational assets is not first undertaken. You cannot defend what you do not know you have. On the other hand, as “people in glass houses shouldn’t throw stones”, those who are vulnerable cannot efficiently compete with others.
The company’s industry, their goals, and their tools determine what is considered an information asset for their unique business. Some companies have intellectual properties, procedures, or even formulas to protect while others may have sensitive employee data, banking information, and accounting information as their only considerations.
Unlike the bank vault, the information assets possessed by a company are not guarded as much by locks, as by people, processes and technologies.
What approach do you use to outline what you have and what you want protected? How do you design and implement an adequate set of technical and organizational procedures to reach the required level of security in the concerned areas?
Comments and insights are more than welcome!