Understanding the Business Environment


An InfoSec program and its supporting organization are not the reason that a business or government agency exists. In the case of a business, the company usually provides a service or a product. The business has certain information or systems that are vital to performing its service and producing its product. The purpose of an InfoSec program, therefore, is to provide service and support to the business.

In order to meet the needs of its customers, both internal and external to the company, it is imperative for the ISSO to understand the company and the company's business. This includes the following:

  • History

  • Products

  • Business environment

  • Competition

  • Long-range plans

  • Short-range plans

  • Cost of business

  • Product value

These are important because the InfoSec program is not a product to be sold in the global marketplace; it does not bring in revenue. In fact, the costs of an InfoSec program, no matter how efficient and effective its operation, take profits away from the business—unless you can prove that the InfoSec program is a value-added service which financially supports the business, assisting in bringing in revenue.

In this globally competitive economy, there is increasing competition for market share in the worldwide marketplace. It is important for the ISSO to understand this competition and what the ISSO can do through the InfoSec program to enhance the business, increasing such things as profits, market share, and income.

Kenichi Ohmae, in his book The Mind of the Strategist,[3] discusses product/service differentiation in the form of "the strategic three C's": the corporation, the customers, and the competition (Figure 2.1). Corporations and competitors are differentiated by costs. Customers differentiate between the corporation and competitors by value.

Figure 2.1: Business competition based on Ohmae's strategic three C's.

Customers will buy a product that they want (consider of value) if it is a quality product at the right price. Therefore, it is important that the InfoSec program add value to the product and do so at the least cost, in order for the business to remain competitive in the marketplace. So, treat the InfoSec program as a product which adds value and minimizes costs. Since it is your product, market it and sell it!

[3]Ohmae, Kenichi. The Mind of the Strategist. Penguin Books, Ltd., Middlesex, UK, 1982.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
