Inbound Logistics can best be thought of as the Supply Chain. Imagine a shoe factory. Inbound Logistics would include the various components of the shoes, as well as the methods of their acquisition — this could include sheets of leather, rubber for soles, grommets, and shoelaces.

Shoes don’t grow on trees, you know.

The various partners and suppliers of these components is also critical to the Inbound Logistics portion of the Value Chain, as is how the pre-production elements are packaged and delivered. As we will explore later, the Inbound Logistics phase of the Information Security Value Chain is often the Outbound Logistics phase of a value chain owned and managed by another party.

So what are the raw materials of the Information Security function?

The real role of an Information Security professional isn’t to protect the enterprise, but to provide quality decision support for their stakeholders who control the strategy and allocate the seemingly always scarce resources of the firm.

Just as pricey footwear often begins with high quality leather, decision support functions need to generate high quality information and that starts with high quality data.

The same way a shoemaker may source their leather and rubber shoe parts from different purveyors, so would a security professional source their data from across multiple sources. The single greatest luxury of the security function is that it is concerned with so many aspects of the enterprise operations that they have access to data normally relegated to individual job functions. For example, the Windows administrators rarely care what is happening with the Unix administrators, but the security professional is concerned about both camps.

Identifying and corralling the various data streams is the first step in building out your Inbound Logistics portion of the Business Model of Security.