Information Technology Reference
In-Depth Information
table 3.3
Second three iA
2
Views by iA Core principles: examples
IA
2
View
→
/IA Core Principle
Systems and
Applications
Data/Information
Infrastructure
Confidentiality
NA
Safeguard access,
retrieval, use,
modification, and
deletion of biometric
data
NA
Integrity
Ensure integrity of
systems and
applications
containing biometric
data
Ensure integrity of
database containing
biometric data
NA
Availability
Determine required
uptime and
performance criteria
for RFID card system
and engineer the
solution to those
requirements
a
NA
NA
Possession
NA; nothing in
addition to physical
protections already
given to IT assets
NA
NA
Authenticity
NA
NA
NA
Utility
NA
NA
NA
Nonrepudiation
NA
NA
NA
Authorized use
NA
NA
NA
Privacy
Validate applicable
legislation governing
IT that contains
personally
identifiable
information (PII)
Validate applicable
legislation governing
IT that contains PII
NA
This is a good example of risks and requirements crossing ELCM phases. The exam-
ple is for design; the same performance criteria carry over as operational SLAs.
a
