Information Technology Reference
In-Depth Information
table 9.17 Appli ed iA 2 Summary: Cryptography
IA 2  Topic
Description
Mechanism
Cryptography
Drivers
Confidentiality of data in transit over a network or data at
rest on a hard drive or other storage device. Business need
for cryptography includes protection of customer data
(customer trust) and organizational proprietary
information. Privacy requirements may also drive the need
for cryptography.
IA 2 view
Applicable IA 2 views: Systems and applications, information/
data, infrastructure (technical)
IA core principles
Applicable IA core principles:
Confidentiality-integrity-availability (CIA)
Authenticity-utility (AU)
Privacy-authorized use-nonrepudiation (PAN)
Compliance
requirements
Legislative, policy, guidelines, government directives, or
other requirements specifically calling out or implying the
use of encryption or cryptography
ELCM application
Applicable ELCM elements: Develop/acquire, implement,
test, O&M
Verification
Applicable verification methods include system test and
evaluation, penetration testing, encryption-cracking tools.
Operations
Applicable IA operations cycle phases: Defend
confidentiality, integrity, authenticity, authorized use, privacy, and nonrepudiation.
Table 9.17 provides an applied IA 2 summary of cryptography.
9.15.1
Applied IA 2 : Cryptography Capability
9.15.1.1 
Business Requirements
Consider the business drivers behind cryptography from an operational perspec-
tive. The IA architect may decompose business operations into a generic frame-
work of front office, back office, and the flows between the two. Structures within
this framework include business, technical, and an operational meta-view. The IA
architect may then view these structures from the perspective of each IA core prin-
ciple (Table 9.18), thus providing a granular decomposition of business require-
ments driving discrete IA functions.
 
Search WWH ::




Custom Search