Information Technology Reference
In-Depth Information
Use of exactly the same SMP framework and SMP outline provides a com-
mon look and feel for discovery tools (questionnaires, assessment guides, audit
guides), analysis tools, reporting templates, and tracking templates. Analysis tools
may compare as-is discovery against to-be plans. Reporting includes gap analy-
sis, remediation analysis, what should be done (good business practice), what may
be done (authority), and what can be done (resource restrictions; budget, people,
knowledge, time). Tracking templates provide the ability to record progress in what
is done to address business risks. Using the same SMP framework for all tools,
templates, and guides provides consistency, the ability to compare apples to apples
from discovery through analysis and reporting.
If additional details are necessary to reflect your organization's particular needs,
by all means modify the framework and outline accordingly. Once the framework
is finalized, stick with it to ensure consistency across all efforts. If at some future
point there is need to modify the SMP framework, be sure to disseminate updated
versions of templates and tools.
For IA
2
, the IA architect may use the SMP outline as a transition tool from IA
architecture to IA planning, implementation, and operations. The IA architect may
use Table E.1 to capture IA
2
details for relevant security controls in context of the
SMP outline. This same table appears in chapter 9.
The Web site www.ia2.info contains many useful downloads and supplemental
information regarding IA
2
. Have the topic at hand when accessing this site to ind
and enter any password requirements for access.
