Information Technology Reference
In-Depth Information
3.3.9
Summary of IA
2
Process Phases
To define what it is, you need to know what it is for (
intent
).
To build it, you have to know where it will reside (
environment
).
To modify it, you have to know what to change (
scope
).
To plan it, you have to know what you have to work with (
inputs
).
To analyze it, you have to obtain it (
discovery
).
To know what to do with it, you have to evaluate it (
analyze
).
To know where you need it, you have to define expectations (
outcomes
).
To finish, you have to produce results (
outcomes
).
3.4
Conclusion and Commentary
he IA
2
P uses the IA
2
F to identify, enumerate, articulate, and address business
risk. The IA
2
P provides a repeatable and consistent methodology that produces
consistent results from project to project, architect to architect, and team to team.
A capability maturity model (CMM) defines maturity levels roughly equivalent to
those in Table 3.11.
he IA
2
Framework and IA
2
Process provide the ability to reach CMM
level 3; all in all, this is a worthy goal and a great accomplishment to take into
your next performance appraisal. In keeping with level 4, there is an increasing
demand by executives for
quantification.
—
Show ROI! Show hard results in business
terms!
With respect to security, forget the FUD (fear, uncertainty, and doubt)
factor;
show the business value of security!
But how? he next chapter presents an
IA
2
quantification process (IAQP) and an IA
2
quantification framework (IAQF).
These are methods to use when thinking about IA quantification. They are not
table 3
.11
CMM
oeriew
Level
Name
Description
1
Ad hoc
The processes are usually ad hoc, and while they produce
results, the results are inconsistent and often over budget
or over schedule.
2
Repeatable
The organization possesses a disciplined approach, a
repeatable process.
3
Defined
Formal definition, retention, and management of processes
4
Quantified
Insert performance and quality management (e.g., SLAs) into
process.
5
Optimized
Continual review and improvement to optimize
performance of process
