Table 9.18 Cryptographic Business Drivers Linked to IA Core Principles: Overview
| IA Element | Cryptographic Business Driver |
|---|---|
| Confidentiality | Ensure X is kept secret; X ∈ (message content_Y, stored data_Y); Y ∈ (end user, vendor). |
| Integrity | Ensure X remains unaltered; X ∈ (message sent versus message received). Included in integrity is nonrepudiation; ensure X cannot deny action taken; X ∈ (message sent, order placed). |
| Availability | Note: Encryption does not ensure availability. |
| Possession | Ensure X is protected in event of theft; X ∈ (information on portable devices, data on hard drive or tape). |
| Authenticity | Ensure X generator is who/what it claims to be; X ∈ (message sender, data provider, identified user). |
| Utility | Ensure usability of X; X ∈ (encrypted hard drive). Solutions include key escrows (e.g., lost/forgotten keys). |
| Authorized use | Encrypt identity, privileges, and validation information. Identity includes user name, privileges include application or data access, and validation includes password, challenge response, or biometric. |
| Privacy | Adherence to privacy policy or legal requirements (e.g., Privacy Act 1974 or HIPAA). |

The front office includes customer-facing people, processes, and technologies
such as call center agents, cashiers, Web sites, retail outlets, etc. The back office
activities include customer fulfillment and supporting administration, including
product packaging and shipping, accounting, and customer databases. The flows
between the two include the communications infrastructure, voice, and data.
Data concerns include customer data collection, what data traverses the
communications infrastructure, what data is stored, where it is stored, data sharing
policies, and privacy issues. Applications and technology (networking) support the
data collection, processing, dissemination, and storage.
The operational meta-view includes infrastructure data, data about what keeps
things going (e.g., routing protocol information, SNMP traps). Additional
metadata includes activity logs, e.g., <customer X> used <interface Y> on <date> at
<time> and was assisted by <agent>. Evaluation of the metadata may provide clues
to optimize profitability and provide trends in customer interaction preferences.
The metadata also includes IA activity data collected by the NOC/SOC; the
challenge is to present it in useful business terms.
 