Information Technology Reference
In-Depth Information
Business
Requirements
IA
Mechanism
IA
Operations
Product
Implementation
Best Practices
Security
Service/Process
Vendor
Figure 2.8
iA
2
implementation taxonomy.
The use of the IA
2
LoS from an enterprise perspective provides decision sup-
port in the review of operational constructs to see if they remain aligned with valid
business drivers. If senior management demands O&M budget cuts, the IA
2
LoS
enterprise perspective provides insight into which solutions support which business
functions. The blanket cut of
15 percent across the board
is an expedient method
of cost cutting, but inefficient at best and fatally damaging at worst. Blanket cuts
without thought to what is being cut may affect operations of high business value.
A better method is to find those overhead or low-priority business functions that
can live without certain services. Effective use of the IA
2
LoS provides this insight.
Cutting 100 percent of a single redundant or unnecessary service may meet budget
objectives and leave key business functions untouched. Might does not make right,
nor does majority make right, and certainly blind budget cuts for the sake of expe-
diency or simplicity does not make right either.
2.11.13
IA
2
Implementation Taxonomy
he IA
2
implementation taxonomy is <
business requirements
> require <
IA services
>
using <
IA mechanisms
> from <
vendor
> with <
product
> applying <
best practices
> to
turn over to <
IA operations
> (Figure 2.8). The IA
2
implementation taxonomy is not
separate and distinct from the IA
2
LoS; rather, the IA
2
implementation taxonomy
is an abbreviation of the IA
2
LoS to reference IA in more operational terms than in
architectural terms. The reason for speaking in more operational terms is to convey
a concise message to management and operations personnel without the distraction
of architectural detail.
2.11.13.1 IA
2
Implementation Taxonomy Examples
Consider the examples in Table 2.3; e.g., a business requirement for the protec-
tion of intellectual property leads to the need for a session encryption security
service. There are competing session encryption security mechanisms, including
SSL and IPSec. These mechanisms must be evaluated with respect to business
requirements, operating environment, mechanism maturity, and the IA
2
. Upon
selecting an appropriate security mechanism, there are vendors that offer a variety
