Information Technology Reference
In-Depth Information
national government, consider the consequences of acquiring and using technol-
ogy developed in another country whose government is on less than friendly terms
with yours. If you work for any high-visibility commercial company (e.g., a major
world bank), consider consequences of acquiring software from a source that may
wish to subvert your operations. The systems and applications view helps the IA
architect consider these issues and determine the possibility of risks and the prob-
ability of risks.
2.5.5
Information or Data
Strictly speaking, data is raw details, whereas information implies some collection
of data that conveys a particular meaning. The IA
2
view information/data considers
them both in a similar manner and distinguishes information/data (or just data)
from the perspectives of being at rest, in transit, and in use.
Data at rest
resides on a server, workstation, or PC. Data at rest may also reside
on mobile or long-term storage media such as universal service bus (USB) drive,
CD, DVD, tape, removable hard drive, PDA, laptop, or cell phone. Data at rest
may be ready for imminent use like on a server or PC hard drive, as well as in long-
term storage like backups or archives. Data at rest safeguards apply to data in a car,
truck, or otherwise being sent through the mail or private transport service.
Data in transit
includes any data traversing a network. The network may be
wired or wireless, private or public, or local, regional, or wide area.
Data in use
refers to data that is currently in use on a PC, workstation, server,
mainframe, etc. This is data currently being processed by an application, and it
resides in random access memory (RAM) or in some other temporary storage loca-
tion during processing (e.g., page swap space). Good security practice requires
clearing memory of sensitive data; otherwise, another application may access that
same storage space and retrieve that data inadvertently or subversively.
2.5.6
Infrastructure
Infrastructure is an underlying foundation. Enterprise infrastructure consists of a
physical infrastructure and a technical infrastructure. Both technical and physical
infrastructures may introduce business risk; therefore, the IA
2
infrastructure view
addresses the risks of technical and physical infrastructure.
The technical infrastructure includes information technology (IT) services and
mechanisms like routers, switches, voice servers (PBXs), and voice adjuncts (e.g.,
Private branch exchange (more commonly becoming known as a
voice server
on the data
network).
