Information Technology Reference
In-Depth Information
Chapter 1
Foundational
Concepts for iA
2
1.1 introduction
Information Assurance Architecture
(IA
2
) is a topic on how to think about security
in terms directly related to the core reasons for the existence of the organization. In
general, the core objective of a commercial organization is to make a profit for inves-
tors, the core objective of a government organization is to provide service to citizens,
and the core objective of a military organization is to defend national interests. The
accomplishment of these core objectives is a complex of constantly evolving stra-
tegic and tactical objectives, strategic and tactical planning, projects, acquisitions,
implementation, and ongoing operations and maintenance. Each layer, phase, stage,
and step must consider organizational risk, including risks to the existence of the
organization, risks to fulfilling core objectives, and risks to assets, employees, and
infrastructure. IA
2
offers a discipline to identify, enumerate, articulate, and address
risks at every organizational level in business and technical terms, and to describe
those risks in both subjective narrative and objective quantification.
A key objective of this topic is to make IA
2
practical, useful, and usable as a
tool to efectively identify and address organizational risk. he tone of this topic
will fluctuate in and out of lofty academic discourse and just plain conversational
expressions. The lofty discourse is necessary at times to express complex ideas in
3
