Information Technology Reference
In-Depth Information
Each type of activity deserves a different security approach. Because activities are
interdependent, we need another tool to analyse and adequate a security model
architecture so that this interdependence is taken into account. Business processes are
used as a tool to perform this task since the emergence of TQM during the 1980's
3,10
,
first for TQM, and after for BPR. Business processes link activities to fulfil customers'
needs and are thus powerful tools to compare activities and their relation to their business
value. But business processes have to be considered by their criticality, which leads us to
add yet another dimension to our model.
A second dimension for our analysis is time dependence. Time is money, which means
that only the most critical activities have to receive the largest budget share. Time
shortening greatly reduces organizational slack. For example, just-in-time management
greatly reduces intermediate stocks, which means that when a problem arises, the risk of
stopping activities also arises just-in-time. When business processes are slow, or when
activities rely on paper, enterprises do not face a great technological risk, because
expectations regarding information access are on the low side. But when information has
to be accessed in real-time, security needs are completely different. In the Internet, the
content is the business, the communication is the business, and the technology is the
business. Therefore, processes have to be considered by their criticality regarding real-
time needs alongside their value creation and risk exposure.
Last but not least, the third and perhaps most important model's dimension, is the
information intensity of the activities' content. It is easy to understand that an information
intensive activity relies more on information, and hence on technology. We have to
devise this information intensity, alongside the other two dimensions and link it to value.
The integrated use of the three dimensions classifies activities and information
according to its criticality. This classification creates an architecture that evolves in real-
time together with use of information and activity evolution. To be useful, this
architecture has to be linked to the actual information architecture of the organization as
an information system living in real-time with every other information system. The
knowledge acquired through this model can then be used to effectively manage security
in real-time.
8.
THE NEED FOR COMPETITIVE INTELLIGENCE
The proposed methodology relies on managers' perception of value and risk. Rapidly
evolving markets create new competitors, new business and new risks of their own. It is
crucial to consider business intelligence, or even better, competitive intelligence
activities that acquire the relevant knowledge in order to increase the peripheral vision
and tackle blind spots. The value and the risk of any enterprise always has to be
conceived in the reality of competition. Competitive knowledge refines strategic
decision-making and, hence, the security architecture.
9.
A FRAMEWORK FOR MANAGING SECURITY OF UBIQUITOUS
INFORMATION
Following the three dimensions presented above, we now propose an information
management model with three dimensions for managing security of ubiquitous
Search WWH ::
Custom Search