Table 9.3 Applied IA² Template

| IA² Topic | Description |
|---|---|
| <Section header> | E.g., “Applied IA² Summary” |
| Drivers | Describe drivers behind IA mechanism. |
| IA² views | Describe applicable IA² views: People, policy, business process, systems and applications, information/data, infrastructure (technical, physical) |
| IA core principles | Describe applicable IA core principles: Confidentiality-integrity-availability (CIA), Possession-authenticity-utility (PAU), Privacy-authorized use-nonrepudiation (PAN) |
| Compliance requirements | Legislative, policy, guidelines, executive order, presidential directive, or other requirements specifically calling out or implying the use of specific standards |
| ELCM application | Describe applicable ELCM elements: Concept, architect, engineer, develop/acquire, implement, test, deploy, train, O&M, retire |
| Verification | Describe applicable verification methods, e.g., system test and evaluation (ST&E), certification and accreditation (C&A), and others |
| Operations | List applicable IA operations cycle phases: Anticipate, defend, monitor, respond |
- IA mechanism function
- Business need
- Business fit
- Rationale
- Policy
- Standard
- Procedure
- Practice
Determine what the IA mechanism function is in terms of and determine what it can do for the organization. Then determine if the IA mechanism function fulfills a business need; that is, determine if there is a risk that the IA mechanism will mitigate. If so, proceed to discover the business fit of the IA mechanism. Business fit for IA mechanisms mostly focuses on operations, and specifically security operations. Articulate the details of the business need and fit in a rationale that aligns the IA mechanism with the business need. The applied IA² examples throughout this chapter introduce methods for determining the details of business need and business fit.
 