Information Technology Reference
In-Depth Information
table 3.5
iA
2
F Views: Scope Guidance
IA
2
F Views
Breadth
Depth
People
Determine if people are part
of the scope; number of
people affected by the
results of the project.
Identification, privilege, role,
education level, training,
expertise, and experience;
training requirements for
people that will use the
results of the new project
Policy
Existence of security policies
that address the project risks
Quality of security policies
that address the project risk
Business process
The number of business
processes that use or will
benefit from the project;
identify the workflows that
will use the results of the
project.
The attributes of the
workflow that will change as
a result of the project
Systems and
applications
Enumerate the systems and
applications that will be
affected by the results of the
new project.
Articulate the attributes of
the systems and applications
that will be affected.
Data/information
Identify the data that will be
touched by the results of the
new projects; specify in
terms of input
(dependencies) and output.
Specify the attributes of the
data necessary for the new
project; may include data
structure, classification, and
metadata.
Infrastructure
Identify the infrastructure
affected by the results of the
new project.
Identify the attributes of the
infrastructure, e.g.,
configuration change to all
routers for traffic priority.
Internal to the
organization
What business functions are
in scope; what workflows
that fulfill the business
functions are in scope
Determine the attributes of
the business functions and
workflows that are in scope.
External to the
organization
Determine the external
dependencies.
Determine the attributes of
the external dependencies.
