Information Assurance Architecture (IA2) is a book on how to think about security in terms directly related to the core reasons for the existence of the organization. In general, the core objective of a commercial organization is to make a profit for investors, the core objective of a government organization is to provide service to citizens, and the core objective of a military organization is to defend national interests. The accomplishment of these core objectives is a complex of constantly evolving strategic and tactical objectives, strategic and tactical planning, projects, acquisitions, implementation, and ongoing operations and maintenance. Each layer, phase, stage, and step must consider organizational risk, including risks to the existence of the organization, risks to fulfilling core objectives, and risks to assets, employees, and infrastructure. IA2 offers a discipline to identify, enumerate, articulate, and address risks at every organizational level in business and technical terms, and to describe those risks in both subjective narrative and objective quantification.
A key objective of this book is to make IA2 practical, useful, and usable as a tool to effectively identify and address organizational risk. The tone of this book will fluctuate in and out of lofty academic discourse and just plain conversational expressions. The lofty discourse is necessary at times to express complex ideas in concise terms, like taxonomies and ontologies. Plain expressions often help make these lofty terms understandable.
Moreover, Information Assurance Architecture provides many frameworks and processes, but also presents a philosophical perspective on IA and IA architecture. This philosophy attempts to get at root principles of why. As an architect, you are very interested in why. Why IA. Why this is a risk. Why addressing this risk is a priority.
This chapter introduces foundational concepts and definitions fundamental to IA2, the IA2 Framework, and the IA2 Process. These concepts include:
- Enterprise architecture (EA)
- Systems engineering (SE)
- Information assurance (IA)
- Information assurance architecture (IA2)
- IA architectural framework (IA2 F)
- IA architectural process (IA2 P)
Why architecture? If one were to say, "I've engaged an architect!" you would likely picture a building construction project. A building architect provides guidance to a builder in the form of blueprints. To produce the blueprints, the architect works closely with the owner or sponsor for the building. The architect discovers the owner's goals and desires. These goals and desires include functional aspects of the building as well as aesthetic aspects. Moreover, the architect considers the environment in which the building will reside, including the climate, sunrise, and sunset, all with the intent to create a useful, efficient, aesthetically pleasing structure. The architect creates elevations, models, and finally blueprints that describe the relationship among the building site and the building's floors, walls, light, and space, all of which have been designed to meet the owner's requirements.
What if the construction project were to build a business, a nationwide enterprise, or a global enterprise? Initial thoughts would be to engage accountants, lawyers, and business professionals in marketing, supply line management, and other such expertise. Although this is good, how do these people know that they are doing the right things in the context of a larger plan? Is there such a thing as a business architect? Yes, and they are referred to as enterprise architects; enterprise architects develop enterprise architectures. So, now there is this enterprise architecture that describes the complexities of the business, assets, people, technology, relationships, and operations. How do you safeguard these assets? How do you ensure continuity of operations? Maintain organizational viability? The answer resides in the services
of an architect for security.
What will a security architect design? If organizational wealth is physical assets like currency or gold, a prudent security architecture includes safes, vaults, door locks, and surveillance equipment. In the contemporary business environment, most organizational wealth is now largely bits* on a hard drive. The transfer of organizational wealth (e.g., employee payroll via direct deposit and interorganization transactions) is bits traveling across a wire. Physical buildings and land no longer represent the largest portion of organizational value; instead, most organizational assets are intellectual property in the form of either employee knowledge or documents and information-most of these are in the form of bits on electronic media (e.g., a hard drive).
The mission of the information assurance architect is to develop an information assurance architecture and align IA with the enterprise architecture (EA) to ensure appropriate safeguards that maintain the organization's operational integrity and long-term viability.
An effective IA2 practitioner must have a breadth and depth of experience with technology, security, and business. The intent of this book is to provide the IA2 practitioner with a disciplined thought process for IA planning and integration of IA in the enterprise.
Foundations of Successful Architecture
Foundations of any successful architecture, be it enterprise or information assurance, include:
A lexicon is a dictionary of the words and phrases pertaining to a particular subject. A lexicon ensures that all stakeholders with an interest in a project interpret and use the same language consistently. For example, risk means different things to different people and may mean different things to the same person in different situations.
The debate on whether a definition is right or wrong can go on ad infinitum. The important point is for everyone to agree that for now the working definition is as the lexicon states.
Standards provide a baseline upon which to build a successful IA architecture. Using an industry standard means that the approach, the details, or both can be vetted against an accepted reality. Rarely will any one standard address all organizational needs. However, using standards within an architecture removes the perception of arbitrariness and provides a credible reference point from which to customize the organization-specific solution.
Means are the available resources and include people, expertise, time, material, and budget.
Method is a prescribed manner to proceed. The IA2 Framework and IA2 Process together provide the IA architectural method.
Motivation is a set of reasons. The root motivation for IA architecture is to recognize the presence of business risk and address it appropriately.
Mission is a specific focus. The specific focus for IA2 may be a system, a business function, a technical service, a group of people, or the overall IA posture of the enterprise.
Architecture is the art of consciously forming a coherent structure. In a technical environment, an architecture view is a "representation of a system from the perspective of related concerns or issues," "a collection of logically related models." An architectural framework is "a standard for the description of architectures." Architecture addresses not only structure, but also behavior of systems and data, as well as behavior of people in terms of relationships, actions, and cognition.
An architecture is a unifying structure using a set of design artifacts and descriptive representations to describe an entity such that it can be produced to requirements and be maintained over its life cycle. An entity may be physical, logical, system, cyber, or a combination of these. An architectural process provides a disciplined methodology to promote repeatability, consistency, high quality, and complexity management.
Enterprise Architecture and Systems Architecture
Architecture is a multidimensional practice. Challenges facing the architect include paradox, dichotomies, balancing a multitude of tasks, deadlines, conflicting premises, constraints, uncertainty with existing information, and missing information. Critical architectural decisions may include many assumptions (a professional euphemism for guesses). A structured approach to architecture provides a method to minimize assumption uncertainty. An effective architectural approach addresses enterprise architecture (the big picture) as well as systems architecture (the pieces comprising the big picture).
The Global Enterprise Architecture Organization (GEAO) describes enterprise architecture as follows:
The way in which an enterprise vision is expressed in the structure and dynamics of an Enterprise. It provides, on various architecture abstraction levels, a coherent set of models, principles, guidelines, and policies, to translate, align, and evolve the systems that exist within the scope and context of an Enterprise.
An EA process is a methodology that aligns solutions (business, technical, operations, etc.) with organizational core mission and strategic direction in terms of to-be, target architecture; as-is, current architecture; and transition, migration plan from as-is to to-be.
Understanding that systems comprise the greater enterprise, there is a distinction between enterprise architecture and systems architecture. A system may or may not be a computer system, but is by definition an entity that accepts input, performs a process, generates output, and reacts to feedback; e.g., nervous system, economic system, or computer system. Based on the GEAO definition of enterprise architecture, system architecture is defined as follows:
Systems architecture refers to the way in which a system vision is expressed in the structure and dynamics of the system and often in context of a collection of systems. It provides, on various architecture abstraction levels, a coherent set of models, principles, guidelines, and policies, used for the translation, alignment, and evolution of the components that exist within the scope and context of a system.
Enterprise architecture and system architecture are complex practices of abstraction that provide guidelines to develop business solutions without regard to specific services or mechanisms. Information assurance architecture is itself a complex practice of abstraction requiring a melding of architectural concepts, information assurance concepts, and the development of new terms to describe nuances of the IA2 practice.
Most people in technology think in terms of the technology they are familiar with and the operations that technology supports. Although this is not bad, it is not enough. The architect needs to think in abstract terms of hierarchies, taxonomies, and principles that emphasize the business perspective and guide the mechanisms that support operations. A business driver of secure communications between the Internet and the internal network results in IA services and IA mechanisms to support that business driver. The size, complexity, type, and notoriety of the organization drive the breadth and depth of these IA services and mechanisms. A small Midwest insurance agency is unlikely to be a direct target of international cyber terrorism; however, it may be an indirect victim of a cyber virus in the wild.
A prudent precaution is for this small Midwest company to install anti-malware on servers and desktops to protect itself from incidental infection. A government organization of military and political significance is more likely to be under direct attack from not only conventional malware, but also unique malware specifically targeted at that organization. This government organization requires a significantly larger investment in defense, monitoring, and response with respect to malware.
The architectural process assists in discerning these differences and providing the appropriate safeguards to balance operational effectiveness, security, and cost.
Information Assurance: A Working Definition
An abstract organizational mission statement reads: Provide the people we serve with quality products and services on time, within budget, and within specified service level agreements (SLA). The ultimate focus is on stakeholder value. Stakeholder value may be shareholder value in the private sector or constituent value in the public sector. Whatever the mission, it requires operational integrity-operations must continue despite incidents that may interrupt, information must be accurate despite incidents that may corrupt, and information critical to mission success must be kept confidential from competitors, enemies, or other opposition despite incidents that may disclose. Many factors, including buildings, utility services (i.e., power and water), personnel, and information technologies, support the mission. Information assurance defines and applies a collection of policies, standards, methodologies, services, and mechanisms to maintain mission integrity with respect to people, process, technology, information, and supporting infrastructure.
Information assurance addresses information, not just information technology. A chief information officer (CIO) is responsible for information, not just information technology. Information assurance provides for confidentiality, integrity, availability, possession, utility, authenticity, nonrepudiation, authorized use, and privacy of information in all forms and during all exchanges.
Mission Integrity versus Mission Entropy
To maintain mission integrity, all relevant operations are working toward the fulfillment of the mission within an acceptable level of deviation. When operational levels exceed deviation parameters, operations have entered a state of mission entropy. Deviation
parameters define a fuzzy line separating mission integrity (successful mission fulfillment) from mission entropy where mission success is in jeopardy (Figure 1).