Information Technology Reference
In-Depth Information
table 9.4
Homogeneous ersus Heterogeneous enironment Beneits and
Drawbacks
Type
Benefits
Drawbacks
Homogeneous
Cost: Single purchase
agreement
Site licensing management:
Leverage central expertise
(e.g., help desk,
administration).
Easier vulnerability
management (detection and
patching)
Schedule: Leverage repeated
experience with the same
mechanisms.
A vulnerability in one is a
vulnerability in all.
A breach in one is a potential
breach in all.
Heterogeneous
Better defense-in-depth: A
vulnerability in one does not
imply vulnerability in all.
A breach in one leaves
another obstacle to
overcome.
Cost: Multiple purchase
agreement
Multiple site licensing
Multiple maintenance
agreements
Additional personnel or
additional training to
accommodate multiple
products
Management: Multiple
varieties of tools add
complexity
Multiple products for
vulnerability and patch
management
rity. Determining the answer for the appropriate balance is organizational and
situational dependent.
9.5.2
Applied IA
2
Summary
Table 9.5 provides an IA
2
context of security standards. The details in the table
include the drivers behind the need for security standards as well as list the relevant
IA
2
views, IA core principles, compliance requirements, applicable ELCM phases,
method to verify completion, as well as applicable IA operations phases. These
details show that there are many paths through the IA
2
Framework and IA
2
Process
