Infrastructure management is undergoing a transformation. ITIL can help manage conflicting demands like – “low cost but high service quality”, “ubiquitous access but enhanced security”?

« ITIL V3 – Readiness Assessment | Main | V3 Out of the Box »

For the sake of Valuations

Traditionally our notion around Valuable Assets has been to lock them up or store them in a bank’s locker. These could be monetary in nature, cash, jewels, any other important product/ document that we perceive as valuable to us.

This primarily means a) Getting a fix around the notion of "what value", which is commonly understood and agreed to.

b) Taking ownership of the risk around these valuable assets falling into the wrong hands/ misusedOR c) Transferring the risk to a trusted third party entity with whom we have a business relationship.

In the connected world that we now live in, the focus of information risk is around these information assets, how we consume and benefit these particular assets.

An example of this is the way we get authenticated by our banks when we call them for doing business. Who we are (name - first/last), our account number, last 4 digits of the SSN, date of birth etc. Fundamentally, these information asset sets' are responsible for conveying the information of who we are to the agent at the other end of the line. Any compromise to this information either due to information corruption, application availability or misuse has serious implications to the business transaction.

So the question that came to mind isa) Can you value Information Assets in monetary terms?

b) Are these valuations clearly understood and accepted by a wide audience?

Clearly our ability to value information assets will influence the way in which information risks are being understood and taken care of.

Have yet to come across a methodology or organization that can do this convincingly. Maybe what we need is a new global standard for information asset valuation!

So when looking at the first basic tenet ie scope, - what those information assets are and how important they may be (value to the organization), are often more important, than say where they are located, how are they managed and who manages them.

This brings us to the question of how these information assets can be accessed. Identity and Access Management (IAM) is an essential capability and a key IT Service to contain Information Risk. Looking forward to early next week where I will be talking about IAM and interacting with other like minded participants at the CSI Net Sec conference.

Yet another facet of Information Risk and more from the conference proceedings next week.

Posted by Ramshankar Ramdattan on June 7, 2007 11:53 PM |

TrackBack

TrackBack URL for this entry:
http://infosysblogs.com/ITSM-service-matters-mt/mt-tb.fcgi/8

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)