Information Technology Reference
In-Depth Information
There are two levels of outcome for organizational feedback, IA in
balance
and
IA in
harmony
with the business. Balance implies a give-and-take to reach equilib-
rium, an equilibrium that may result in less-than-optimal security in balance with
less-than-optimal business operations. IA in harmony with operations implies an
integration
of both. The result is optimal business operations that are also optimally
secure. A goal of IA quantification is to represent IA in harmony with the organi-
zational mission and operations; neither stands alone and each contains a bit of the
other. Harmonious IA mitigates risk and minimizes operational impact.
4.5
Conclusion and Commentary
Two themes in IA
2
are business need drives technology and business risk drives
IA. The IAQF provides a discipline to discern various ways to represent risk and
IA. The IAQP provides a discipline on
how
to find the metrics and measures for
the business scenario at hand. The IAQF offers a discipline of
what
to consider for
metrics. The IAQF and IAQP are not themselves IA quantification models, but
provide guidance on finding the raw material from which to develop IA quantifica-
tion models. To assist with understanding the IAQP, appendix C
provides both a
template and an example of how to apply the IA quantification process.
