Information Technology Reference
In-Depth Information
table 5.7
oeCD policy Deelopment principles
Principle
Description
Awareness
Participants should be aware of the need for security of
information systems and networks and what they can
do to enhance security.
Responsibility
All participants are responsible for the security of
information systems and networks.
Response
Participants should act in a timely and cooperative
manner to prevent, detect, and respond to security
incidents.
Ethics
Participants should respect the legitimate interests of
others.
Democracy
The security of information systems and networks
should be compatible with essential values of a
democratic society.
Risk assessment
Participants should conduct risk assessment.
Security design and
implementation
Participants should incorporate security as an essential
element of information systems and networks.
Security management
Participants should adopt a comprehensive approach to
security management.
Reassessment
Participants should review and reassess the security of
information systems and networks, and make
appropriate modifications to security policies,
practices, measures, and procedures.
5.7
operations and iA
IA builders turn over solutions to operations via a
transition
process. There is a vast
difference between
dump-and-run
and
transition
. Dump-and-run (a more typical
handover tactic between builders and operators) often leaves operations wondering:
What is this? What's it for? What's the business intent? This is not what we expected.
Generally, the development budget has run out and the builders are long gone, with
operations left to figure everything out for themselves—or not. Many times a good
solution (or what could be a good solution) is left unused or underused because the
operations group is unsure of where and how to use it most effectively.
In contrast, transition engages operations early in the building process. At best,
the operations group provides some insight to how the application should work. At
the least, operations is informed during the development process as to the intent,
function, business fit, and nuances of the application. Moreover, operations takes
