Value is the main goal of every organization. Value depends on assets. Asset types can be variable. For example; information, people, physical assets, applications, funds …etc.
Like Assets, value has different types; money, brand, social image, government duties..etc. Last years all companies’ use of computer and information become important. So everyone talks about information security. Before this IT security and before physical security have been talked generally.
Maybe there will be another topic for security in future. But the organization’s main goals never change. Value. Its details can be changed, categorization can be changed. So the main security framework must focus on Value. Value security, Value Risk, Value Management,…Etc.
Value Governance includes all these valuable details. Risk Governance is a part of Value Governance, Enterprise Governance is part of Value Governance, Security Governance is part of Value Governance too.
To establish a Governance Framework, Chain and hierarchy must be designed. For Value governance, Value Chain must be designed. For this main reason, you must design your Value Chain. We know there are so many threats, so many factors and so many vulnerabilities. And we cannot fight on all fronts at once. So we need a criticality perspective. Your perspective is hidden in your value chain.
If we can start to design a cyber-security governance model, the first step is to design the valuable services that can be paid money (We assume that our company has only the goal of making money.) or can affect our paid services. This is meaning that “all the services from B2C”.
The second step is to design support services. For example applications -> resources -> and suppliers.
At these article parts, we will not tell about service management, it is not our first focus area. But we want to explain that without value chain you cannot be secure or you cannot protect your all assets.
It will continue…