Information Technology Reference
In-Depth Information
Too Much Security
Mission Integrity
Too Little Security
Figure 1.1
Mission integrity boundary model.
1.3.2.1
Mission Integrity versus Mission Entropy
To maintain
mission integrity
, all relevant operations are working toward the fulfill-
ment of the mission within an acceptable level of deviation. When operational levels
exceed deviation parameters, operations have entered a state of
mission entropy
. Devi-
ation parameters define a fuzzy line separating mission integrity (successful mission
fulfillment) from mission entropy where mission success is in jeopardy (Figure 1.1).
The goal of IA is to keep operations within acceptable deviation from that ever-elu-
sive goal of perfection; that is, IA attempts to keep operations within acceptable mission
integrity boundaries. When mission entropy threatens, corrective action is required to
move operations back in line. It is possible to introduce too much security and intro-
duce mission entropy (e.g., shutting down external Internet access is very secure but
unacceptable when the E-commerce site generates 80 percent of revenues). IA must
balance the right amount of security with the right amount of freedom to operate.
The need for corrective action to maintain mission integrity emphasizes the
importance of knowing how to anticipate, defend, monitor, detect, alert, respond,
and correct such deviations.
Information Assurance Architecture
presents many
frameworks, processes, services, and mechanisms to ensure corrective action. Note
the purpose of IA
2
is not to teach these security services and mechanisms; there
are many excellent references on security operations, firewalls, intrusion detection
systems (IDSs), disaster recovery planning, etc. Rather, IA
2
presents various ways
to think about security services and mechanisms, and how to apply them to design
and implement IA to achieve optimum effectiveness in context of business drivers
and business risk.
1.3.2.2
Melding Architecture and Information Assurance
Using the definitions for architecture and information assurance, Table 1.1 pres-
ents IA architectural terms critical to understanding IA architectural concepts.
Entropy
implies disorder, chaos, compromise, impairment, or random activity that takes oper-
ations outside acceptable operating parameters.
