Information Technology Reference
In-Depth Information
sional's ability to articulate the philosophies, practices, policies, and technologies
in terms readily understood by the audience. However, even the most elegant IA
architecture is worthless unless people are aware of IA, understand IA, and use
IA effectively.
he IA
2
people view addresses individuals as well as groups of people. The
people view, as the capstone to the framework, is the key to failure or success of
information assurance. People must be aware of and actively involved in IA from
inception through implementation, operations, and maintenance to ensure aware-
ness, understanding, and buy-in. From executive buy-in to customer acceptance,
people are the key factor. An outline of the people view includes:
n
−
Internal
Sponsors
Executive
Decision makers/approvers
Business manager/line manager
Operations
Administrators
Network operating center (NOC)/security operating center (SOC)
operators
Users
Everyone receives awareness training
Legacy system owners
Manage perception of IA plus the process of introducing IA or poten-
tial violations of existing IA with introduction of new solutions that
interface to legacy systems
Project team
Developers
Inserting IA in the planning, design, and implementation phase
of the systems development life cycle
IA professionals
Managing, leading, training—turning them into champions of
IA
n
−
n
−
n
n
−
n
−
n
−
n
−
n
−
n
−
External
Customers
Perception management (e.g., privacy)
Stakeholders
People with a vested interest in organization's effective use of IA
Public
Perception management
Investors/shareholders
Benefits to shareholders and would-be investors on IA adding to the
bottom line
n
−
n
−
n
−
n
