“Employees should never be told to protect valuable assets. If they’re told this, they usually protect an object that may be expensive to replace but is not what creates or could destroy value. How value is created is a business’ most important asset, and that is what people must focus their protection resources on.”
Scott Borg.
For years, OSS have been seen as insurance policies in some circles. This continues to have an element of truth but like many of the other concepts in “Jumping into the explosion,” this perspective is changing with an expectation on OSS to provide greater business benefits and cost justification.
An earlier post provided details about how your OSS could focus on providing greater business value rather than just a technical solution.
Not only does this analysis assist in the planning of future OSS, but it also assists an organisation to identify what is most important to protect, as outlined by Scott Borg in the quote above. Cyber-security experts and OSS experts alike, rarely know how their organisations really generate value, so they don’t know what they have to focus on to enhance or protect that value.
To this end, I see great benefit in the sharing of business insight between senior executive teams, OSS and security teams despite appearing to have mutually exclusive remits at first glance.
Do you know how your organisation creates (or destroys) value?