Information Technology Reference
In-Depth Information
draws upon the right tool at the right time. Where to apply? The craftsperson draws
upon the right tool for the right application. When to apply? The craftsperson
draws upon the right tool at the right time. How to apply? The craftsperson is on a
never-ending quest to develop expertise and fine-tune that expertise.
How do you learn what tools to draw upon for the right application? Experi-
ence. How do you get experience in applying the right tools in the right place at the
right time? Part of the answer is applying the wrong tools in the wrong place at the
wrong time. The other part of the answer is using a disciplined approach to assist
in making the right choices and learning from the wrong choices. IA
2
provides that
disciplined approach. Your objective is to learn this disciplined approach starting
with the IA
2
Framework.
2.3 iA
2
Framework Details
A framework is a basic conceptual structure. A framework provides the ability to
describe a subject using a predefined set of descriptive terms and concepts. A frame-
work is not the solution itself, but a way to define and describe the solution. An EA
framework is a basic conceptual structure of an enterprise architecture. he IA
2
Framework is the basic conceptual structure for defining and describing an infor-
mation assurance architecture.
he IA
2
Framework (Figure 2.1) starts with IA architectural drivers that include
both business drivers and technical drivers. The root driver behind IA is riskārisk
that may be expressed in terms of business risk and technical risk. The IA
2
Frame-
work then presents six architectural views:
people
,
policy
,
business process
,
systems and
applications
,
information/data
, and
infrastructure
. he IA
2
views provide for a more
granular perspective on the IA architectural drivers. here are nine IA core prin-
ciples. Each IA
2
view considers each of the nine IA core principles (Figure 2.3) for
each IA architectural driver. What starts as a single statement of risk may now be
stated from the perspective of nine IA core principles, each from one of six different
IA
2
views, or 54 perspectives on that single risk.
Consideration of how to address risk may be within the bounds of organiza-
tional discretion. That is, the organization may examine a risk and determine how
to address that risk drawing upon organizational experience and organizational
objectives. IA
2
also provides a filter through IA compliance requirements. IA com-
pliance requirements may include externally imposed requirements like legislation,
and IA compliance requirements may include internally imposed requirements like
adherence to an industry security standard. Each of the 54 cross sections between
To clarify, this topic refers to EA as a practice, a process, and a document. here is such a docu-
ment as an enterprise architecture, there is an enterprise architecture process to assist in pro-
ducing that document, and there is a greater professional practice of enterprise architecture.
Granular means a finer grain, the ability to see more detail from the component parts.
