Friday, November 13, 2015

Business Model in Information Security

A model is a schematic description of a system that explains its known or inferred properties and may be used for further research. The business model for information security is, therefore, the schematic description that explains the known properties of business information security (Bojanc & Jerman-Blažič, 2013). The Business Model for Information Security (BMIS) consists of four elements and six dynamic interconnections, as explained below.

Organization:
This is an important element of BMIS, since the overall design of the business is one of the most important factors in a business. The design of the business, together with its strategy, is one of the requisites that influences the organization element.
The organization element acts as a driver that demonstrates the value of the security program to the business, and it will always have great influence on the performance of the information security program.
Process:
This is the second element of BMIS. The process element provides a dynamic link to all of the model's dynamic interconnections. Processes are created to help organizations achieve their strategy. This element is very important, and it symbolizes the requirement for a business to develop, educate on, and enforce security processes and procedures.
Process is a key element that will always involve the other elements and the dynamic interconnections. It will, therefore, consist of a large number of individual processes supporting information security.
Technology:
This is one of the best-known parts of an information security program, and within BMIS it is moderately complex and highly specialized. Technology gives security practitioners one of the many tools used to accomplish the mission and vision of the enterprise or business. These tools cover the generic security parameters of confidentiality, integrity, and availability.
Within BMIS, therefore, the technology element refers to every implementation of technical skill that could have an impact on the security of information.
People:
This represents the human resources in an organization, for example, the employees, vendors, contractors and service providers. People may be classified as primary or secondary within BMIS. Primary people are those who are associated with the organization, while secondary people are those who are indirectly involved but have some interest in the enterprise. All of these groups may have some impact on security, though not necessarily the same impact. People influence information security through their interaction with the immediate environment, as reflected in its corporate strategies and processes, or in other people.
This business model is, therefore, an interconnection of activities that are carried out in the business, and without any one of them the business operations may not be complete. The four elements are the key parameters of the business model for information security, and without their consideration the security of information may not be effective. These key elements are also enhanced through the application of the dynamic interconnections, which are culture, architecture, emergence, governing, enabling and support, and human factors (Cherdantseva & Hilton, 2013).

References:
1. Bojanc, R., & Jerman-Blažič, B. (2013). A quantitative model for information-security risk management. Engineering Management Journal.
2. Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information assurance & security. In 2013 Eighth International Conference on Availability, Reliability and Security (ARES). IEEE.

