Information Technology Reference
In-Depth Information
The following IA Quantification Framework (IAQF) provides guidance for
each of the four perspectives:
n
−
People (actors)
Learning phases of awareness, understanding, use, effective use, and
secure use
Process (actions), Technology (entities), Policy, or other non-person thing
Operational descriptions of existence, characteristics, quality
n
−
The learning phases were introduced in the section Goals for the Reader. Learn-
ing phases apply to people and their awareness, understanding, and use of processes
and technology. The operational descriptions apply the same to processes and tech-
nology. A technology exists or it doesn't. There a characteristics of a process that
define what it is supposed to be and what it is supposed to accomplish. For example, a
computer security response triage process is supposed to review events to determine if
they are security incidents, who should handle the security incident, and the priority
in which to address the incidents. These characteristics of what defines a working tri-
age process are potential parameters for measurement. Assuming that a technology or
process exists and it works at all, the next consideration is to the quality of how they
are working. Quality includes timely operation, accuracy, and efficiency.
A series of standard questions outlines the beginning of quantification. Assume
that X in the following list can represent a technology or a process.
n
n
n
n
n
n
n
n
n
n
n
n
Do the right people exist within the organization?
Are they aware of X?
Do they understand the operation of X?
Do they understand the enterprise role and relationship of X?
Do they use X?
Do they use X effectively (timely, accurately, efficiently)?
Do they use X securely?
Does X exist at all?
Does X exist within the organization?
Does X work at all?
Does X work effectively (timely, accurately, efficiently)?
Does X work securely?
The benchmark of using or working securely is relative to the security standards the
organization adopts.
4.3.1
IA Quantification: Stakeholder Perspective
Stakeholder interests drive the form, flow, and content of quantification results. At
the highest level, stakeholder interests are strategic or tactical. Stakeholder terms
