Information Technology Reference
In-Depth Information
vation. In many cases, there is not a need to modify the product itself. For example,
with the introduction of the Internet and E-commerce, the music industry did
not need to change radically how a song is created. Rather, the innovation is the
delivery method and the pricing of the song. Previous distribution was via physical
media (e.g., tape or CD) through a retail sales channel. Moreover, the purchase of
the desired song often required purchasing a collection of other songs in which the
buyer had little interest. The Internet provided the ability to sell instant download-
ing of a single song. Thus, the innovation was to create and support this new sales
channel of instant downloading with an accompanying pricing structure to sell
single songs or song collections.
IA
2
may use the innovation framework to address the evaluation of a new
threat. A variation on a virus or worm may be thought of as a sustaining inno-
vation developed by a
community of malicious intent
(COMI). he customary
way to address viruses and worms is via anti-malware software. When a new
strain of virus spreads faster than previous versions, the customary response is to
introduce a faster, automated anti-malware signature file and disseminate to all
organizational servers and desktops. A disruptive COMI innovation introduces
a new and unanticipated type of threat. One such disruptive change to the U.S.
federal government was the events of September 11, 2001; COMI activities are
not restricted to the cyber-world. One consequence of these events was the intro-
duction of legislation (e.g., Intelligence Reform and Terrorist Prevention Act of
2004) that requires government organizations to share information. Prior to this,
the guiding principle in the intelligence world was
need-to-know
; now,
need-to-
share
complements need-to-know. Much innovation on the part of many secu-
rity professionals over the past several years is based upon attempts to balance
between these two principles.
12.6
eA Framework
Enterprise architecture (EA) is a methodology that aligns business, technical, and
operational solutions with the organization's core mission and strategic direction.
The EA process is often stated in terms of:
n
n
n
To-be—Target architecture
As-is—Current architecture
Transition—Migration plan from as-is to to-be
There are many EA frameworks to choose from according to the type of orga-
nization and organizational need. EA frameworks include:
n
n
Department of Defense Architectural Framework (DoDAF)
Zachman Framework
