Information Technology Reference
In-Depth Information
your organization. Feature depth examines the characteristics of each horizontal
feature and if there is an adequate level of customization by way of parameters or
other configuration settings.
Business requirements drive vendor and product selections. The IA
2
LoS (chap-
ter 2) presents a series of links from architectural drivers through product and
vendor selection to operations and maintenance. Business drivers describe a desired
capability and performance level in terms of user productivity. Technical drivers
also play a role in vendor and product selection. An enterprise systems engineering
plan may provide technical standards with the intent of providing overall enterprise
interoperability. These technical standards may describe functionality and leave
the product selection up to the project team so long as the product meets minimal
functionality standards. The technical standards may list a series of products to
select from; this limits project team's options. The technical standards may specify
a particular product with the intent of technical interoperability as well as a central
purchase agreement that leverages enterprisewide licensing. All of these are per-
fectly valid approaches that satisfy varying business objectives.
5.9.6
Problem Solving
When things go right and when things go awry, understanding
why
in both cases is
good business practice. A forward-looking organization must capture success and
failure and use the lessons from both in a continual optimization scheme for busi-
ness, technical, and IA performance.
5.9.6.1 When Things Go Right
The IA organization monitors activities, log files, audit reports, detected probes,
and vulnerability analyses, and captures the results in effectiveness metrics. It then
compiles and formats concise operational reports and presents them to manage-
ment and executives on a regular basis. The IA organization sells, markets, trum-
pets, heralds, or otherwise informs the rest of the organization when they are doing
things right because it will surely be evident when things go awry.
Successful IA operations does not imply absence of attacks; rather, success-
ful IA operations implies user transparency in the event of attacks, and minimal
operational interruption. Understanding
out of sight, out of mind
and referring back
to organizational psychology, there is an opportunity in reporting IA problem solv-
ing; hence, when things go awry, find out why.
5.9.6.2 When Things Go Awry
IA complexities require a formal problem-solving structure that includes problem-
solving services, a toolkit, philosophies, and processes. Easier, more common prob-
