[ISM3 Users] Tuesday Insight: Environments

[Gary Hinson]

> The difference in POVs is that you want all the conceivable modeling
> data regardless of the model; while I think that collecting too much
> data is time consuming and expensive.

"All conceivable" and "too much" are emotive terms, Vicente.  
 
> With a good enough model and good enough data you can take informed
> decisions; with a perfect model and perfect data you can take informed
> decisions as well; but the ROI will be worse, or even negative.

"Good enough" and "perfect" are open to interpretation too!

I would argue that comprehensive, accurate and up-to-date (a.k.a. high
quality) data on information assets means better informed and hopefully more
accurate management decisions.  It reduces uncertainties and errors which
*may* be costly if they lead to information security breaches.  The clincher
for me is that it facilitates a number of additional business processes
which otherwise end up doing their own thing, causing duplication/waste and
conflicts.  A high quality information asset inventory/database, shared
amongst various departments, can be used for multiple purposes e.g.:
- information security risk assessments and compliance assessments
(including SOX)
- financial valuations and depreciation
- insurance purposes
- software license management
- information/data management
- change and configuration management including change planning and
redeployment/greater use of dormant assets
- contingency planning
- performance management and capacity planning
- physical management (e.g. power requirements and heat load)
- vulnerability management

Sure, it is an investment and I believe I could build a decent business case
on the above basis.

Kind regards,
Gary