Determine
the scope
In fulfilling their daily activity, people
working in an organisation don’t interact together in a purposeless manner
– there is usually some a business process objective or end goal involved.
Therefore, for any business modelling to occur such goals must be
identified, relating to the scope of a particular problem domain (in this
case security management).
Some typical end to end objectives relating to security:
 | “improved security around administering external users” |
| “risk mitigation concerning the use of specialist roles” |
| “reduce scope of error with software deployment” |
| “manage the live environment in a secure way” |
In describing these goals, an understanding of the external
stakeholders is also required. These are parties who sit outside the
business process, but either benefit, judge it, or hold it to account in
some way.
These external stakeholders and their goals can be formalised in a
scope model such as the one shown in the following figure:
Figure 1: Scope example
Although in the case of security these goals can often be the mitigation
of key, named risks.
© 2002-2007 Codel Services Ltd
This paper has been prepared
by Codel Services Ltd to illustrate how structured business
modelling can help your organisation. Codel Services Ltd is an IT
Consultancy specialising in business modelling. If you would like further
information, please contact us at: Deryck Brailsford, Codel Services Ltd,
Dale Hill Cottage, Kirby-Le-Soken, Essex CO13 0EN,United Kingdom.
Telephone: +44 (0)1255 862354/Mobile: + 44 (0)7710 435227/e-mail: info@codel-services.com
