SIDEBAR: What's Your IP WORTH?
Define the value of corporate data to prioritize security investments
You may think you know which pieces of your company's intellectual property are most valuable — and therefore most vulnerable to intellectual property theft. But you're probably wrong.
Even at Microsoft, which is known for zealously guarding its IP, "one of the hard things to do is to get business leaders to articulate what pieces of information are most valuable in running their businesses", says Jim DuBois, general manager of information security and infrastructure services for Microsoft IT.
To capture the information you need to plan IP protection, ask questions, says Bill Boni, Motorola's CISO. You might start by inquiring what information might let a competitor move ahead in the market or help a counterpart in a foreign company achieve personal gain. A good business intelligence department can use its data to help.
Once you've identified your company's critical IP, which controls and countermeasures you put in place may come down to how much you want to spend defending certain know-how. Because there's little accurate data available on the costs of IP theft, there aren't any concrete cost-benefit models to work with. Boni uses Motorola's own financial predictions. "You've already done a lot of financial analysis about the benefits of a product or service," he says. "You can use those to estimate the damage if that IP is lost or stolen."
The cost-benefit calculation comes down to the probability of IP theft times its consequences, says O Sami Saydjari, president of Cyber Defence Agency, a security consultancy. "If there's a decent probability that attacks could cost you $500 million, it might make sense to invest $5 million," Saydjari says. "Without that expected loss, you can't make the business case."
— S OVERBY
Comments
Post new comment