Transfer
Mitigate
What are the requirements to address the risk?
There are five methods to address risk. The organization may accept or ignore
risk (ignoring risk is implicit acceptance). Risk acceptance increases the exposure
of the organization to additional costs or revenue interruptions. The organization
may share risk by outsourcing noncore operations or engaging a service manager.
The organization may transfer risk to an insurance provider. The vulnerability still
exists, and the probability of an incident still exists; however, the financial burden
resides with the insurance carrier. Risk mitigation implies the introduction of security
services and mechanisms to reduce vulnerabilities, reduce the number of security
incidents affecting the organization, and lessen the impact of security incidents.
The right approach for any given organization is a balance among all these. The
correct balance considers budget, schedule, expertise, and available resources.

The domains and domain interface representation above are abstract. A more
focused example of domain interaction is service-oriented architecture (SOA).
SOA is a design philosophy. This design philosophy advocates the use of technology
to build a technical infrastructure or technical environment to support the
creation and interaction of services. SOA services are software solutions that find
each other and initiate relationships without the necessity of manual intervention.
Consider that service A fulfills some need on the part of a service requestor,
depending on context. The nature of a service (including service A) is to find
other services to assist in the fulfillment of its purpose. Therefore, service A may
be a service provider or service requestor. Other services used by service A may
come in and out of existence. Service A is indifferent to whom or what fulfills a
service request so long as the result is delivered within acceptable parameters of
time, accuracy, and completeness.

Figure 6.3 shows SOA foundational attributes, where foundational attributes
are characteristics fundamental to SOA. Fundamentally, SOA consists of a service
requestor (SR) and a service provider (SP). An SP provides a service, e.g., proactive
notification of new product releases/upgrades. An SR seeks a result without specific
concern to where that result comes from; that is, the specific service that provides
the result is irrelevant and perhaps even unknown to the SR. SRs and SPs interact
with each other via interfaces (SRi, SPi). Data (d) flows (f) occur between
the SR and SP through the interfaces, and metadata (md) contains information
about the data. Their desire and ability to communicate defines their
relationship (R).
[Figure 6.3: SOA foundational attributes. Diagram labels: SR, SP, SRi, SPi, R, f. Legend: data flow (f), data (d), metadata (md).]
 