Information Technology Reference
In-Depth Information
table 1.1
information Assurance and Deriatie terminology
IA Term
Definition
Information assurance
(IA)
Defines and applies a collection of policies, standards,
methodologies, services, and mechanisms to maintain
mission integrity with respect to people, process,
technology, information, and supporting infrastructure
Information assurance
architecture (IA
2
)
The art of consciously forming a coherent structure of
information assurance services and mechanisms
IA
2
Framework
The basic conceptual structure for defining and
describing an IA
2
solution
IA
2
Process
The steps required to generate an information
assurance architecture
he discipline of architecture uses terms of particular nuance. his topic
attempts to use these terms in a manner widely accepted; however, given the nature
of the topic, this topic introduces new terms surrounding IA architecture. he glos-
sary provides a lexicon to distinguish the nuances among these terms. Understand-
ing these terms is essential to understanding the IA architectural concepts herein.
his topic is internally consistent in the use of the terms as deined in the glossary.
1.3.3
Systems Engineering
A system is a collection of entities (real or virtual) that interact to produce an
objective or result. Systems engineering (SE) is a discipline to plan for and ulti-
mately produce a system. Systems engineering may follow the guidance provided
by an enterprise architecture to implement the intent of that architecture. This
may include the information assurance services and mechanisms in the appropriate
context of managing business risk. IA
2
is a discipline for IA that also applies to the
requirements engineering aspect of SE.
The traditional use of SE is to produce a system of known and definable opera-
tion. The environment within which the system will work is known, inputs are well
defined, and the interactions of the system are known (the providers of inputs and
the consumers of outputs). There is an emerging need to provide an engineering
discipline to systems or solutions that must operate today, but may operate in an
environment where the expectations of that solution are not predictable. For exam-
ple, a Web service may be used in manners completely unexpected by the developer.
There becomes a need to define the environment very well and prescribe the rules
necessary to operate in that environment. That environment may be a technical
environment or it may be the enterprise. The enterprise environment looks at com-
