• Are there thresholds, and what do they mean?
  - Consider ceiling thresholds that, if exceeded, result in an alert.
  - Consider floor thresholds that, if fallen below, result in an alert.
  - Define alert parameter levels/layers.
• Direct measurements versus correlating or coincidental events
  - If an IA aspect does not possess an intrinsic value or cannot be assigned a meaningful arbitrary value, is there a correlating or coincidental [event | condition | parameter] that can be measured?
• Discrete events versus aggregate events
  - Any individual parameter that falls outside desired operational thresholds may not indicate a severe problem; however, several of these conditions together may point to a severe problem, so there is a need to consider event aggregation in the IAQF.
• What activity adds to or detracts from risk or risk measurement?
  - Acts of commission: the fact that X occurred may indicate a problem.
  - Acts of omission: the fact that X did not occur may indicate a problem.
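The threshold and aggregation checklist above, worked through as an added example that is not from the book: a small evaluator applies ceiling and floor thresholds to each parameter, treats a missing measurement that was expected as an act of omission, and raises the alert layer when several individually minor deviations coincide. The parameter names, bounds, measurements and the three-deviation aggregation trigger are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Threshold:
    """Bounds for one IA parameter (names and numbers are constructed, not from the book)."""
    name: str
    floor: Optional[float] = None    # alert if the measured value falls below this
    ceiling: Optional[float] = None  # alert if the measured value exceeds this
    expected: bool = False           # if True, no measurement at all is an act of omission


def check_parameter(th: Threshold, value: Optional[float]) -> Optional[str]:
    """Classify one discrete measurement: 'ceiling', 'floor', 'omission', or None if nominal."""
    if value is None:
        # The fact that X did not occur may itself indicate a problem.
        return "omission" if th.expected else None
    if th.ceiling is not None and value > th.ceiling:
        return "ceiling"
    if th.floor is not None and value < th.floor:
        return "floor"
    return None


def evaluate(thresholds: List[Threshold], measurements: Dict[str, float],
             aggregate_at: int = 3) -> Tuple[int, Dict[str, str]]:
    """Apply every threshold, then map the discrete deviations onto alert layers:
    0 = nominal, 1 = isolated deviation(s), 2 = aggregate condition, i.e. several
    individually minor deviations that together point to a severe problem."""
    deviations: Dict[str, str] = {}
    for th in thresholds:
        kind = check_parameter(th, measurements.get(th.name))
        if kind is not None:
            deviations[th.name] = kind
    if not deviations:
        return 0, deviations
    return (2 if len(deviations) >= aggregate_at else 1), deviations


# Constructed sample thresholds: two ceilings, one floor, one expected nightly event.
THRESHOLDS = [
    Threshold("failed_logins_per_hour", ceiling=50),
    Threshold("patch_compliance_pct", floor=95),
    Threshold("av_signature_age_days", ceiling=3),
    Threshold("nightly_backup_minutes", ceiling=240, expected=True),
]

if __name__ == "__main__":
    # Constructed measurements for one period; the backup never reported at all.
    sample = {"failed_logins_per_hour": 62, "patch_compliance_pct": 91, "av_signature_age_days": 5}
    print(evaluate(THRESHOLDS, sample))  # -> (2, {... four deviations ...})
```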
4.4.4 Discovery
The IAQP discovery step describes how to obtain the measures for analysis. The discovery step describes what to do to accomplish discovery; it is not the discovery itself. Discovery methods may include assessments, audits, interviews, log reviews, or usage tracking (e.g., Web site hits or file downloads). Other methods may include surveys or quizzes to test understanding of an ethics program, security policy, or legislative requirement. Points to include in the discovery description are who can provide inputs, what to ask them for, how to obtain the information, and how to record discovery data.
The discovery step may articulate the need for tools, templates, guidance, and methodology for a formal discovery process. Preparing for and executing an effective discovery process may be a project in itself. For example, preparing to discover the organization's current compliance posture with Sarbanes-Oxley or other legislation is quite an effort.
Thoughts about what you will do with the discovery data (analysis) provide clues for determining what to collect. That is, the IAQP is not necessarily a linear process, but an emerging process in which later steps provide insight into previous steps. An important note: the IAQP is a process for invention; it is not a model into which you plug numbers and get a result. You must invent a quantification process for your organization or for your situation. The IAQP provides a discipline to guide your thoughts.