Table 13.4 IA Justification in Potential Business Loss per IA Core Principle

IA Core Principle | IA Justification in Potential Business Loss
Confidentiality | Disclosure, interception, observed
Possession | Loss, theft of resources
Integrity | Modification, corruption
Authenticity | Forgery, fabrication
Availability | Denial of service, business interruption
Utility | Unusable
Authorized use | Theft of service, increased access
Nonrepudiation | Undeniable accountability for acts of commission and omission
Privacy | Compliance with privacy legislation (e.g., HIPAA Privacy Rule, Privacy Act)

the actual attacker is. The attack may look like it is coming from competitor Y,
when in fact it is a third party using competitor Y resources. So, how do you impose
consequences on the adversary?
There is IA justification in hiring IA professionals with the knowledge to capture
appropriate logs and other evidence that is admissible in court. Learn how to
use the existing laws to protect your organization. If appropriate laws do not exist,
look into proposing new ones. Your organization may employ lobbyists with access
to lawmakers. Your company may belong to a trade organization that has collective
representation and access to lawmakers. Such activity is preemptive in nature to
make adversary consequences painful so as to deter them from future attacks.
13.6.5 IA Core Principles as IA Justification
Table 13.4 provides IA justification as potential business losses against the IA core
principles. These are useful justifications for IA that cover most potential
organizational losses.
13.7 IA Operations Cycle as IA Justification
Justifying IA in terms of the IA operations cycle provides details in the context of
operations, administration, and maintenance. The IA operations cycle consists of
 