Information Technology Reference
In-Depth Information
Chapter 6
iA Business Driers
6.1 introduction
No topic may tell you what the business drivers are for your organization. Only
you can determine that. However,
Information Assurance Architecture
can help you
determine what your business drivers are.
IA requirements engineering
is a formal,
repeatable approach to record and track what is necessary to address risks associated
with a project or with the enterprise depending on the scope of the effort. IA require-
ments engineering applies the IA
2
Process and draws upon the IA
2
Framework and
other frameworks to decompose the larger problem into manageable pieces.
Business need drives the need for technology. Business risk drives the need for
IA. IA requirements engineering looks at the business need and the technology to
satisfy that need, identifies the risks, and aligns IA solutions to address those risks.
We will look at IA requirements engineering from the perspectives of compliance
management and systems engineering.
Compliance management
deals with sources of business drivers and decom-
poses those sources into requirement statements that are actionable, traceable, and
provable.
Systems engineering
focuses more on the solution requirements and pro-
viding traceability to business drivers. Compliance management is more broadly
focused on the enterprise, whereas systems engineering is more deeply focused on
the solution.
Formally defining requirements is an iterative process. You may receive business
requirements in words that express a high-level desire; e.g.,
to better manage produc-
tion, inventory, and shipping schedules, we want the ability to obtain customer purchase
information in real-time
. To begin to understand the organizational implications to
123
