Information Technology Reference
In-Depth Information
ing new or modifying existing products' services. The project may not even involve
IA services or IA mechanisms; introducing IA products is not the only means of
addressing risk. Table 3.1 provides example statements of intent.
he remainder of the IA
2
P phases determines the letter of the IA
architecture;
the intent specifies the spirit. The intent of the IA
2
P may be focused exclusively on
IA, or the intent may be to integrate IA with an enterprise architecture, systems
engineering plan, product design, service design, implementation, testing, deploy-
ment, operations, requirements engineering, product selection, service selection, or
compliance management. The intent may be to use IA
2
as a tool to address business
risk by means other than a technical [IA] solution. Clarifying these nuances pro-
vides guidance to the remainder of the IA
2
P phases.
The statement of intent for IA relates to the purpose for the overall project.
Example project purposes include enterprise expansion (domestic, international),
merger/acquisition, new technical solution, new business function, or develop-
ing an E-commerce presence on the Internet. Each presents opportunities and
risks, both business risks and technical risks. The IA architect anticipates poten-
tial risks, identifies probable risks, and recommends priorities on how to address
those risks.
For the example details in Table 3.1,
potential risks
are employee objections to
change, media reports on privacy issues, civil liberties objections with regard to per-
sonal privacy violations (taking and using of fingerprints), and the remote detection
and theft of radio frequency identification (RFID) signals for spoofing or otherwise
stealing employee biometric information.
Probable risks
are employee objections to
change, media stories, and civil liberties objections. The remote theft of RFID sig-
nals and biometrics is possible, but not probable.
Priority
risks
are employee change,
civil liberties, media, and signal theft. For a more detailed presentation of identify-
ing and evaluating risk, see the chapter, Organizational Views of IA Section, 5.4.1
“The Scope of Risk Governance, Management, and Assessment.”
The statement of intent may also reference a formal problem statement and how
the IA
2
will resolve the problem. Appendix I provides guidance on the creation of a
formal problem definition. The problem assertion document is a separate tool from
the IA
2
Process, but may be a useful supplement for it.
As you define the intent, consider the IA
2
F flow and ask:
n
What is the focus of the project from a business perspective? A technical
perspective?
What are the business drivers behind the intent?
What are the technical drivers behind the intent?
What are the business risks that emerge from the intent? The technical
risks?
n
n
n
Walk through each of the IA
2
F views and ask questions relevant to intent. For
the IA
2
people view, ask how the end result of the project will be used. Who will
