Information Technology Reference
In-Depth Information
n
Support the transmission, storage, and archiving of data of varying
sensitivity levels, including Company X proprietary, customer propri-
etary, and government (United States and others).
Assign sensitivity levels to various data elements to assist in managing
storage, access, and manipulation.
Application
Support a variety of desktop applications (e.g., word processing, spread-
sheets, etc.), ubiquitous host-based applications (e.g., e-mail), plus spe-
cialized applications for internal use and customer use.
Technology
Provide the infrastructure to support local, wide area, and interna-
tional voice and data communications.
Single sign-on solution.
Manage, track, and audit online access to systems, servers, and data-
bases according to respective sensitivity levels.
n
−
n
−
n
n
n
There is, of course, much more to say about protecting the infrastructure;
however, in context of the applied IA
2
snapshot, the decomposition of business
requirements to process, organization, and physical site, and the decomposition
of technical requirements to data, application, and technology isolate focus and
provide a multidimensional approach to identifying requirements. The traceability
between root business requirements and implementation is invaluable in providing
justification for IA, cost-benefit analysis between IA efforts and business value, and
justification for IA priorities through their link with business priorities.
9.14 local Area networks
A local area network (LAN) is relatively small in terms of physical distribution.
A LAN may be in a building or in a campus environment. A metropolitan area
network (MAN) extends the physical proximity of LAN components from a build-
ing or campus to a citywide perspective. A wide area network (WAN) may extend
across a nation or across the world. Each has its design, implementation, opera-
tional, and security challenges.
One perspective of LAN security is by way of the Open Systems Interconnection
(OSI) model (Table 9.15). The contents of the table are not comprehensive; rather,
they are an overview and a point in the right direction for further research by the
IA architect. Table 9.16 presents an applied IA
2
summary for LAN security.
9.14.1
Applied IA
2
: LAN Protection Capability
Comprehensive LAN security is security aggregation (e.g., defense-in-depth; Fig-
ure 9.5) where the holistic LAN security service is greater than the sum of the
