Information Technology Reference
In-Depth Information
n
n
Wired, wireless
Transmission (e.g., Ethernet, Frame Relay [FR], Asynchronous
Transfer Mode [ATM])
Infrastructure
Information technology (IT) (e.g., routers, switches, Frame Relay
access devices [FRADs])
Information assurance (IA) (e.g., firewall [FW], virtual private net-
work [VPN], anti-virus [AV], and intrusion detection system [IDS])
−
n
n
IA addresses risk to data, application, and technology, including technical ser-
vices, network communications, and technical infrastructure.
2.5 iA
2
Views
A technical focus often limits traditional IA thought; however, the IA architect
should by no means restrict IA concerns solely within technical bounds. Hence, the
IA
2
Framework architectural views include nontechnical aspects like people, process,
and physical infrastructure. One definition of architectural view is “a representation
of a system from the perspective of related concerns or issues.” IA
2
defines an archi-
tectural view as a perspective on the architecture that isolates and focuses attention on
a specific class of concerns. The IA
2
F defines six architectural views: people, policy,
business process, systems and applications, information/data, and infrastructure.
Among the architect's audience are executives and high-ranking managers. On
rare occasions, they will want to hear about bits and bytes; mostly, they want to
hear about solving business problems, managing business risks, revenue streams, or
cost containment. The breadth of the architectural views provides a wide window
through which to view the organization's business needs.
Traditional IA thought also often resides in third-party, external security
mechanisms providing after-the-fact
bolt-ons
(e.g., firewall, virtual private network,
intrusion detection system, and anti-virus). Effective IA requires
integration from
inception
, including software development, operating system design and selection,
aligning IA policy with business goals and operations, physical security, personnel
security, administrative security, operations security, and concentration on the most
critical aspect of a successful security program: people.
2.5.1
People
The constant factor throughout IA
2
F is people. IA success depends on appropri-
ate architecture, design, implementation, executive backing, and the IA profes-
IEEE 1471.
