A model is a schematic description of a system that explains its known or inferred properties and may be used for further research. The business model for information security is, therefore, the schematic description that explains the known properties of business information security (Bojanc & Jerman-Blažič 2013). The business model for information security (BMIS) consists of four elements and six dynamic interconnections, as explained below.
Organization:
This is an important element of BMIS, since the overall design of the business is one of the most important factors in business. This element and its strategy are among the requisites that influence the organization element.
The organization element acts as a driver to demonstrate the value of the security program to the business and will always have great influence on the performance of the information security program.
Process:
This is the second element of BMIS. The process element provides a dynamic link to all of the model's dynamic interconnections. Processes are made to assist organizations in achieving their strategy. This element is very important, and it symbolizes the requirement for a business to develop, educate on and enforce security processes and procedures.
The process element is a key element that will always involve the other elements and the dynamic interconnections. It will, therefore, consist of a large number of individual processes supporting information security.
Technology:
This is one of the best-known parts of an information security program; it is a moderately complex and highly specialized element of BMIS. Technology gives security practitioners many of the tools used to accomplish the mission and vision of the enterprise or business. These include the generic security limits of confidentiality, integrity, and availability.
Therefore, within BMIS, the technology element refers to every implementation of technical skill that could have an impact on the security of information.
People:
This represents the human resources in an organization, for example, the employees, vendors, contractors and service providers. People may be classified as primary or secondary within the BMIS. Primary people are those who are associated with the organization, while secondary people are those who are indirectly involved but have some interest in the enterprise. All of these groups may have some impact on security, though not necessarily the same impact. People influence information security through their interaction with the immediate environment, as reflected in its corporate strategies and processes or in other people.
This business model is, therefore, an interconnection of activities that are carried out in the business, and without any one of them the business operations may not be complete. The four elements are the key parameters of the business model for information security, and without their consideration the security of information may not be effective. These key elements are also enhanced through the application of the dynamic interconnections, which are culture, architecture, emergence, governing, enabling and support, and human factors (Cherdantseva & Hilton, 2013, September).
References:
1. Bojanc, R., & Jerman-Blažič, B. (2013). A quantitative model for information-security risk management. Engineering Management Journal.
2. Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information assurance & security. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on. IEEE.