Information Technology Reference
In-Depth Information
table 9.1 Aligning iA Mechanisms with iA Core principles
IA Core
Principles
Risk
IA Mechanisms
Confidentiality
Disclosure
Cryptography, PKI, access
controls, identity management,
privilege management
Integrity
Corruption
Backups, integrity checks (e.g.,
cyclical redundancy check
[CRC]), hashing, PKI
Availability
Denial of service
OS security, host configuration,
IDS, anti-malware
Possession
Theft
Physical security
Authenticity
Fraud, counterfeit, deceit
PKI, verification and validation,
reliability check (source and
content)
Usability
Unusable
PKI, key management
Nonrepudiation
Deniable, false attribution
Digital signatures
Authorized use
Theft of service
Identity and privilege
management
Privacy
Public disclosure, misuse of
personal information
Cryptography, physical
controls, firewall, IDS
variations
steps of architecture, systems engineering, concept of operations, and IA design add
more details in the alignment of the more abstract architecture with the solution-
specific services and mechanisms.
IA mechanisms can be aligned with the business risks they address by using
the IA core principles (Table 9.1). This alternative to the IA implementation tax-
onomy demonstrates to the IA architect that different perspectives provide a variety
of ways to decompose and view the problem. Is a different way necessary? In the
sense of necessary to reach a good solution, no; the IA implementation taxonomy
may provide a good solution. The taxonomy approach provides
a way
, not
the only
way
. Multiple paths to the same objective prompt different thought processes that
complement each other to produce a better result. The many frameworks in
Infor-
mation Assurance Architecture
are for just that, mutual complements to guide you
in producing a better result than using a nondisciplined approach or any single
framework. Moreover, the many perspectives prompt you to articulate the problem
for a wide variety of audiences within the organization.
