by The Open University
Available in 39 free installments
Owner:
Sharing information in business is itself a risky business. The information that is exchanged between b2b partners, for instance, may include order information, customer details and strategic documents. Such information could be priceless to outsiders. As you saw in the previous section, huge costs can result from information getting into the wrong hands.
In sharing information, an organisation also needs to be aware of the various laws, regulatory frameworks and codes of practice. Failure to comply with these can lead to disciplinary action against individuals and to legal action against organisations. In such situations, directors and managers are duty bound to be cautious and vigilant.
But the rewards of the e-business age can be immense: information has become a powerful source of competitive advantage, and may contribute massively to the value of an organisation and to its ability to meet its mission. And this is not just theory. One only needs to look at the difference between the book value of an organisation ? the value placed on it by accountants ? and its market value ? the value placed on it by investors ? to see the significance of information. For instance, in 1997 Coca-Cola had a market value of $33.4 billion, whereas its book value was only just above $1.2 billion: intangible assets, including information, contributed to over $30 billion of additional value. In the same year, Microsoft had a market valuation 21.4 times its book value: intangible assets, such as information, expertise and the company's huge customer base, made up the difference.
So, clearly, information assets are important. But what counts as an information asset? Part 1 of the British Standard on Information Security Management offers numerous examples.
These assets are listed as item (a) in Reading 2 (linked below), the section ‘Inventory of Assets? from Part 1 of the Standard; a similar list appears on page 96 of IT Governance: A Manager's Guide to Data Security & BS 7799/ISO 177799 (the Set Book).
Click below to open Reading 2 (0.3 MB).
View document(a) Which information assets, do you think, contribute most to (i) Coca-Cola's and (ii) Microsoft's value?
(b) List the information assets that you think contribute most to your organisation's value.
For (a), you may wish to use the internet to help you develop your answer.
For (b), you may need to consult colleagues at work to help you with your assessment.
(a) (i) As well as its expertise in the soft drinks industry, Coca-Cola owns the recipe for Coca-Cola, and this information could be the source of much of its competitive advantage and value ? the recipe is certainly a well-guarded secret.
(ii) As well as knowledge and expertise in developing software, Microsoft owns information in the form of the hundreds of millions of lines of code that comprise its software systems, such as Windows and the Office Suite. These are an obvious repository of value. Note: While this unit was in production, tens of millions of lines of Microsoft code were released onto the internet. One industry commentator remarked that it is now possible that Microsoft's competitors can gain insights into the inner workings of Windows that will allow them to compete more effectively.
(b) This is a very difficult question to answer well unless you are systematic. The Open University, for example, is involved in many areas of endeavour, including teaching, research, administration, external accreditation and providing advice; and each draws on important information. Moreover, how does one measure the value of the information?
With tangible assets ? everything from office supplies to heavy machinery ? the fact that they occupy physical space means that their theft has an obvious effect: quite simply, the asset disappears. Interference with information assets, on the other hand, is not so easily detected. A piece of information does not disappear if it is copied, even if that copying is a form of theft; neither does a computer file change or disappear if it is duplicated. Many of the forms in which information is stored, such as word-processing files, show no traces when they have been interfered with or changed. Even an unauthorised person looking over your shoulder as you read an electronic or paper document may be stealing information without you noticing that they are doing so. Moreover, it is quite possible that the systems that receive, host, manipulate and transmit your organisation's information assets could be tampered with without showing any discernible difference in their structure or behaviour, so that all your valuable information assets could be copied to someone inside or outside of your organisation without your being aware of it until it is too late. One example of this sort of tampering is spyware, which is unauthorised software installed on your computer with the aim of allowing someone at a distance to see what you are doing on your computer. For instance, spyware can record the keystrokes you make as you edit a document, allowing them to be played back on another system to recreate that document.
(a) What precautions do you, or could you, take to assure yourself that there is no spyware on your computer at the moment?
(b) Find out about your organisation's current position on spyware and protection against it.
(a) I have installed, and update regularly, an antivirus package, trusting that the package does what it says and stops all forms of malware. I have also installed an application supervisor that allows me to audit outgoing connections from my machine to the internet: any application that asks the operating system to contact another host on the internet has to wait while the supervisor asks me to verify the connection.
(b) I hope that this is enough to protect me from the worst forms of spyware. However, there are less insidious, but still invasive, forms of spyware. If you have ever connected to the internet using any computer with a browser, it is almost certain that your internet activities have been tracked by advertising companies by means of cookies, pieces of software that record which websites you visit.
The Open University uses a popular, regularly updated antivirus package. It does not specifically protect against spyware, though. Nor is there any policy on the use of cookies: in fact, internally, cookies are used to track the OU's use of resources.
Original Copyright © 2007 The Open University. Now made available within the Creative Commons framework under the CC Attribution – Non-commercial licence (see http://creativecommons.org/by-nc-sa/2.0/uk/).
