Friday, November 13, 2015

Business Model in Information Security

A model is a schematic description of a system that explains its known or inferred properties and may be used for further research. The business model for information security (BMIS) is, therefore, the schematic description that explains the known properties of business information security (Bojanc & Jerman-Blažič, 2013). BMIS consists of four elements and six dynamic interconnections, as explained below.

Organization:
This is an important element of BMIS, since the overall design of the business is one of the most important factors in a business. The design and its strategy are among the requisites that influence the organization element.
The organization element acts as a driver that demonstrates the value of the security program to the business, and it will always have great influence on the performance of the information security program.
Process:
This is the second element of BMIS. The process provides a dynamic link to all of the model’s dynamic interconnections. Processes are created to help organizations achieve their strategy. This element is very important, and it symbolizes the requirement for a business to develop, educate and enforce security processes and procedures.
The process is a key element that will always involve the other elements and the dynamic interconnections. Process will, therefore, consist of a large number of individual processes supporting information security.
Technology:
This is one of the best-known parts of an information security program; within BMIS it is moderately complex and highly specialized. Technology gives security practitioners one of the many tools used to accomplish the mission and vision of the enterprise or business. These tools cover the generic security limits of confidentiality, integrity, and availability.
Within BMIS, therefore, the technology element refers to every implementation of technical skill that could have an impact on the security of information.
People:
This represents the human resources of an organization, for example employees, vendors, contractors and service providers. People may be classified as primary or secondary within BMIS. Primary people are those who are associated with the organization, while secondary people are those who are indirectly involved but have some interest in the enterprise. All of these groups may have some impact on security, though not necessarily the same impact. People influence information security through their interaction with the immediate environment, as reflected in its corporate strategies and processes or in other people.
This business model is, therefore, an interconnection of activities that are carried out in the business, and without any one of them the business operations may not be complete. The four elements are the key parameters of the business model for information security, and without their consideration the security of information may not be effective. These key elements are also enhanced through the application of the dynamic interconnections, namely culture, architecture, emergence, governing, enabling and support, and human factors (Cherdantseva & Hilton, 2013, September).

References:
1. Bojanc, R., & Jerman-Blažič, B. (2013). A quantitative model for information-security risk management. Engineering Management Journal.
2. Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information assurance & security. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on IEEE.


Six Future Risks to Information Security

A risk is the likely harm that may arise from a current process or from a future occurrence. A future risk, then, is the likely harm that may arise from a future occurrence (Zissis & Lekkas, 2012). The following are the six future risks to information security.
Emergence:
Emergence may include natural calamities, that is, acts of nature beyond human control, for example earthquakes, volcanoes, floods, landslides and many more. Any of these risks could lead to total or partial damage to information security.
Human factors:
This is the release of sensitive or confidential information to an unauthorized person. Accidental disclosure may also arise from the process of hacking, password cracking, tunneling, malware, spyware, viruses, worms and many others (Vacca, 2012).
Culture:
Culture may cause future risk to information security in various ways, such as exposing trade secrets, exposing strategy and new products to competitors, bad or false publicity, and many others. This may be caused by the social interaction of people in a certain environment.
Through social interaction, the following may occur: intellectual property theft, copyright infringement, illegal infiltration, competitive research, price surveillance and many more.

Governing:
Governing may pose a risk to information security in ways such as acts of war, biological warfare, chemical warfare, electrical warfare (including physical disruption or intentional interference), terrorism, and cyber warfare, to name but a few.
The enabling and supporting factor:
These are people who have all the information pertaining to a certain information system and who are likely to cause intentional alteration of data, tampering, sabotage, vandalism, fraud, scandals and many others.
Architecture:
This is the general design of the organization. The design gives the interconnection of activities and operations of an organization. The design of the organization structure may determine the security of the information through the determination of how the information will flow in the organization.
How they will affect individuals and organizations
The risks mentioned earlier may negatively affect the individuals and organizations involved in several ways. They may disclose an individual's or organization's sensitive information, which may pose a danger to those affected; they may create unhealthy business competition among the people involved; and they can lead to losses or to the closure of an individual's or organization's business activities. In general, they may negatively affect the performance of the business.

References:
1. Vacca, J. R. (2012). Computer and information security handbook. Newnes.
2. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems.

Wednesday, November 4, 2015

Role of Cloud Computing in Business Organizations


Cloud computing has brought a lot of promises and benefits to organizations. It has proved to be more than just a simple technology and has been able to transform organizations. Cloud computing plays a very vital role in bringing agility. It delivers improved agility due to its rapid elasticity and its on-demand self-service. The IT resources required in the organization can now be deployed easily and can be improved to meet the needs of the different situations in the organization (Leimeister, Böhm, Riedl, & Krcmar, 2010, June).
Cloud computing has led to increased productivity. This is because it provides a good environment and enables participants in the organization structure to share logic. The capability of cloud computing to provide shared logic in an organization leads to improvement in the productivity capacity of the organization. Another role of cloud computing in a business organization is that it brings about better quality. This can be attributed to the better usage of information, manageability, quality provision of IT solutions, and the business continuity that comes as a result of cloud computing (Leimeister, Böhm, Riedl, & Krcmar, 2010, June).
There is a minimization of cost when you use the concept of cloud computing. Agility, quality, and increased productivity are often associated with cost increases, but this is not the case when you employ cloud computing. Contrary to the notion that it is expensive, cloud computing helps an organization achieve cost reduction through products such as thin clients, server consolidation, and community sharing. Another role that cloud computing plays in a business organization is the creation of new business opportunities. This is achieved through added service provision and cloud service provision (Leimeister, Böhm, Riedl, & Krcmar, 2010, June).
References:

1. Leimeister, S., Böhm, M., Riedl, C., & Krcmar, H. (2010, June). The Business Perspective of Cloud Computing: Actors, Roles and Value Networks. In ECIS.