After you have created valuable insights and context in the Operations phase of your business model, the next step is to get it into the hands (and minds) of the right people. Just as importantly, you should ensure that the packaging and delivery methods are geared toward how your consumer can best make use of it.

Falling back to the example of the shoemaker, this part of the Value Chain encompasses how the shoes get to market, and eventually onto the feet of the customer. Perhaps the shoemaker leverages the distribution capabilities of a wholesaler. The wholesale operator then manages delivery to the retail stores, who in turn fit the customer and complete the transaction.

Now what do you do with all of those shoes?

Just as the shoemaker leverages the capabilities of others in his Outbound Logistics, gone should be the days of e-mailing a stock vulnerability report over to the IT operations team and expecting it to get read and acted upon. The Business Model of Security gets you to shift your focus to the packaging and delivery of how the end user can best utilize what you sent. As we have discussed elsewhere, this could be accomplished by dropping individual remediation requests into the appropriate teams ticketing queue. In this example, the ticketing system (often owned and managed by some group within IT other than security) acts as the wholesaler. The individual team leads, Windows Server for example, then act as the retail salesperson, ensuring that the shoe/vulnerability is going to the right customer.

Through the Business Models of Security and utilizing the tools they are already relying upon means that you are not creating more work for them and makes it far more likely that your tickets will get worked.