Information Technology Reference
In-Depth Information
table 3.1
iA
2
F V
iews: intent examples (Continued)
IA
2
F Views
Statement of Intent
Infrastructure
New physical infrastructure is necessary to channel people
through the card reader system while maintaining an image
of professionalism rather than surveillance. The intent is to
use portable barriers and retractable ropes similar to those
used at theme parks and airports.
Internal to the
organization
The intent is to manage expectations of employees by
preparing details of the new system, holding an awareness
campaign, and gathering and responding to any preliminary
objections, questions, and concerns.
External to the
organization
The intent is to prepare a press release to preempt
sensationalistic stories regarding personal privacy. Legal will
prepare guidance for dealing with civil liberties
organizations.
use it? For what purpose? How will they know they need to use it? How will they
know how to use it? How will they know they are using it effectively? Securely? For
IA
2
view on policy, ask what policies are necessary? Do they exist? What content
will address what the project is for?
For IA
2
business process view, ask if part of the intent is to affect workflow. Pro-
cedures? Tasks? Manual tasks? Cognitive tasks? What technology supports or will
support these tasks? For systems and applications, ask if new systems or applications
are to be developed or acquired. What data or information is affected? In what states
are the data affected (at rest, in transit, in use)? What infrastructure components are
affected? Is the intent of the project to focus exclusively internal to the organization?
Are there external considerations as well? External dependencies? Partners? Custom-
ers? Suppliers? Service providers?
As you ask these and other questions, use the IA core principles as a basis for
identifying each risk and its specific nature. At each intersection of the IA
2
Process
intent phase and IA
2
view, question what risks there are to
confidentiality,
,
integrity
,
availability
,
possession
,
authenticity
,
utility
,
nonrepudiation
,
authorized use
, and
pri-
vacy
. For each risk, ask what the business implications are.
Tables 3.2 and 3.3 provide examples using IA core principles to describe/define
risks from the perspective of the IA
2
views. Analyzing the results obtained from
these perspectives may capture insights with regard to governance, management,
building, operations, users, and leadership (see the OCF in chapter 11). One view
may capture governance insights with regard to compliance requirements and stra-
tegic objectives. Another view may capture management insights that convert stra-
tegic objectives to strategic plans, tactical objectives, and tactical plans. The details
from these tables provide input to the IA
2
Process for defining intent for IA (e.g.,
