In today's digital age, what does safeguarding your assets really mean, and who is responsible and how is it achieved?
With a high percentage of market value now accounted for by intangible assets — e.g., intellectual property (IP), reputation, brand, electronic records — information is now a vital business resource. And, the vulnerability of today's valuable informational assets (IA) to theft has made protection of such assets a matter of urgency.
All of these forms of data have associated expenses and are used to generate revenues for which the CISO has ultimate security oversight. The CISO in turn must ensure the integrity of the "chain of custody" by enforcing rules applicable to key managers and other authorized personnel in their roles as the day-to-day "guardians."
The bottom line: top management must implement a security program that truly protects all assets of the organization.
As a colleague recently indicated, "We need to move toward a critical thinking methodology which is meant to benefit the organization and is based on enterprise-wide risk assessments and risk management."
Are your organization's assets adequately protected in the digital age? I recommend making this a topic of discussion. An effective tone at the top starts with top management implementing appropriate security measures.
Dan Swanson is a columnist for Compliance Week magazine, which follows corporate governance, compliance and risk management. A version of this column originally appeared in the January 2008 edition of Compliance Week.