Information Technology Reference
In-Depth Information
Chapter 9
iA
2
: Context of iA
Mechanisms
9.1 introduction
Addressing risk includes risk mitigation. Some risk mitigation uses IA mechanisms.
This chapter presents IA mechanisms, including how to think about them and
apply them in context of the enterprise and IA
2
. The mechanisms presented are
not comprehensive; however, the IA architect may use these examples as a starting
point to determine further IA mechanisms to place in the appropriate context and
flow of an IA architecture that uses the IA
2
F, IA
2
P, and IA
2
LoS.
An IA mechanism is a piece of equipment, a tool, or component to mitigate busi-
ness risk. Examples of IA mechanisms include firewalls and intrusion detection sys-
tems. Many devices contain security features that may be activated to address risk.
These devices are not themselves IA mechanisms; however, there are mechanistic
IA configurations that may address risk. While each IA mechanism performs an IA
task, that IA task is part of a broader IA function; that is, IA mechanisms and mech-
anistic IA configurations are parts of a broader IA capability. Therefore, this chapter
presents the following IA mechanism examples in context of three categories:
n
−
−
−
IA devices
Anti-malware
Firewall
IDS
225
