Information Technology Reference
In-Depth Information
the collective, system, or process that satisfies some demand (service as a noun). In
general, a service requestor does not expect a response from a single, specific actor
or entity; the service requestor expects a result. What, how, where, or who produces
that results is not relevant to the requestor. For example, a service may follow the
sun around the globe to provide the service to people during local work hours as
well as to provide service globally 24 hours a day, every day. IA
2
helps identify risks
in providing a service from multiple locations and multiple countries; communi-
cations handoff as work hours shift across time zones; the physical and technical
infrastructure that varies among service producers; etc.
10.3.2.4 IA
2
Alignment with TRM
TRM aligns to business drivers defined in the PRM, BRM, and SRM. The IA services
and mechanisms will address technology risks that in turn align with business risks.
Distinguishing IA from IT prompts consideration of IA as support for both technical
and business risks. The following provides some distinctions between IT and IA:
n
−
IT infrastructure
Cables, wires, network interface, frequencies, wireless access, switches,
routers
IT services
Web services, service-oriented architecture (SOA), domain name service
(DNS)
IA policies
Identity and privilege management, access management
IA infrastructure
Firewall, IDS, anti-malware, honeypot
IA services
CSIRT, forensics, risk assessment, security operating center (SOC)
n
−
n
−
n
−
n
n
Use the IA
2
F technology related views to discern risks associated with TRM
details. Keep in mind that the focus of EA is align technology with business driv-
ers. The focus of IA
2
is to align IA with business risks. Some of those business risks
may be in terms of technical risks, but always the technical risks will align with a
business risk.
10.3.2.5
IA
2
Alignment with DRM
IA addresses the security of data, data format, data structure, and data exchange.
he IA
2
data/information view figures prominently in establishing an IA posture
within the DRM. Data may be the focus of IA, or data about the data (metadata)
may be the focus of IA. Metadata includes details about the data such as author,
