able. Out of necessity, many software vendors program around a shortfall in an operating system. When the OS vendor fixes that shortfall, the software application may not work at all or not work with the same integrity as it did under the prepatched OS. The organization must set up test environments for key software applications to validate patch compatibility prior to installing patches in production environments.
8.11.3 IA² Perspective
A large part of the architectural process is discovery—discovery of what exists, what the organization desires, motivations, and constraints (technical, business, cultural, geographical). An effective assessment process facilitates the IA² Process. An assessment process is a construct that provides a framework for various assessment services. Assessment services include vulnerability assessment, risk assessment, and compliance assessment.
The assessment process is very similar to the architectural process of determining the as-is enterprise architecture or the as-is IA architecture, subsequently defining the to-be architecture, gap analysis, and transition plan.
The assessment process framework provides an abstract model to apply to any compliance assessment, risk assessment, or vulnerability assessment situation. The most effective assessment process finds foundation in industry best practices, including discovery questions directly traceable to applicable industry standards (e.g., ISO, NIST, and DoD instructions). The ultimate goal is to automate the assessment process to promote cost-effective execution and consistent repeatability.
8.12 Digital Forensics
Digital forensics is the application of scientific knowledge to legal issues surrounding information and information technology. Many organizations have a need for digital forensics. For most it is a post-incident afterthought that quickly turns to regret when the necessary logs are found wanting for detail, if they exist at all. As with other successful IA constructs, IA architects need to integrate digital forensics with operations, not bolt it on after the fact.
Digital forensics includes the “preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.” “Digital Evidence is any information of probative value that is either stored or transmitted in a binary form” (SWGDE, July 1998). Later “binary” was changed to “digital.” “Digital evidence includes computer evidence, digital audio, digital video,
Computer Forensics: Incident Response Essentials.
Scientific Working Group on Digital Evidence.
 