Sensitivity Analysis of Loss of Corporate Efficiency and Productivity Associated with Enterprise DRM Technology

Enterprise Digital Rights Management (EDRM) was developed to help corporations keep digital documents secure, as one of many digital information security solutions. However, these security mechanisms typically reduce the work efficiency of the staff by making them spend time working on non-project related tasks. It is therefore of business importance to determine the total amount of loss in efficiency and productivity and the factors that impact this reduction in productivity. In this study, the loss of efficiency was quantified using the concept of non-productive time (NPT). The total amount of NPT associated with EDRM is related to the business process and human behavior of the employees, for example, the documentation classification system, average response time from system administrators, and percentage of failures in opening authorized documents. Parameters that define the business model of the corporation quantitatively and have an impact on NPT are identified and potential data collection techniques for these parameters are also proposed. A Petri-net model is built to simulate the business process of implementing an EDRM product. The sensitivity of NPT associated with the EDRM product to these parameters was evaluated using this Petri-net model. The parameters are ranked according to their relative importance. This study has the potential to help information security managers to make informed security investment decisions and to take actions toward reducing the impact of EDRM, so that a balance is kept between information security expense, resource drain and effectiveness of security products.