Information Technology Reference
In-Depth Information
What is the appropriate perspective? The appropriate perspective is relative to the
scenario and the prospective audience. The IA implementation taxonomy provides
alignment from business requirements through to IA operations and is perhaps
more detail than executives or management would like. Aligning IA mechanisms
with IA core principles provides a more abstract perspective for IA planning. Sub-
sequent alignment of IA core principles with business drivers provides an indirect
link between business drivers and IA mechanisms.
he IA
2
Framework uses the IA core principles as a filter to decompose larger
risk management problems into more manageable chunks. For each identified
risk, Table 9.1 above provides an alignment to the appropriate IA mechanism that
addresses that risk. Like the other tools in this topic, Table 9.1 is not exhaustive.
Rather, it offers a framework in which to define details relevant to your organiza-
tion and for your problem.
Table 9.2 further decomposes Table 9.1 to create a matrix of IA core principles
and IA operations cycle phases. The detail in Table 9.2 includes both IA services
and IA mechanisms, and presents an alternative view of IA mechanisms' fit within
the organization.
9.3.1
Applied IA
2
The applied IA
2
details in the examples in this chapter describe how to apply IA
2
and provide examples by using a snapshot of a particular IA
2
perspective. The
snapshots are not an exhaustive portrayal of how to apply IA
2
. he snapshots are
just one way to look at the problem, provide an IA solution, and explain that IA
solution. The intent of the snapshot is to show the relationship between IA
2
and
IA mechanisms. Table 9.3 provides an Applied IA
2
framework in the form of an
applied IA
2
template and a description of the contents of the table fields. The IA
mechanism examples in this chapter use this table format to present an IA
2
context
of that mechanism.
The applied IA
2
examples provide a bottom-up view from mechanism to archi-
tectural alignment. Most organizations have existing IA services and IA mecha-
nisms. Capturing these IA capabilities in context of the IA architecture provides
the ability to track IA capabilities and to provide insight into what may be missing
from an optimal enterprise security posture.
9.4
organizational Context of iA Mechanisms
The organizational application of IA mechanisms follows a distinct pattern for plan-
ning, assessing, tracking, and reporting on IA mechanisms. This pattern includes
determining:
