MOTIVATIONAL BUSINESS VALUES AND ISSUES

The business values, issues, and management challenges that drive integrity initiatives and commitments consist primarily of, but are not limited to, the following:

Value of a surprise-free future

If management is continually addressing unwelcome surprises, denials of services, and impacts to its processing objectives, the enterprise will experience (1) loss of credibility, (2) investment in less-than-optimum resource commitments and unnecessary expenditures, and (3) unproductive reactive management decisions. The optimum value is a surprise-free future which can be proactively managed. The ideal can and should be approached through substantiation of both strategic and tactical countermeasures and protection mechanisms that safeguard against those factors that contribute to the uncertainty of resources and assets. These countermeasures cover a wide spectrum ranging from administrative manual procedures and processes to sophisticated engineering processes and tools that focus on disparate heteromorphic processing environments and the complexity of the domains, components, and subcomponents that comprise a corporation's overall processing program.

Value of system survivability and processing integrity

This is attained through the management of uncertainty surrounding the robustness of critical information processes and resources, their identification, quantification, assessment, and use. A system's robustness is a relational correlation of the system's components, to each component's built-in resistance capability (including processing redundancy, logical self-propagation, and accessibility to, and deployment of, additional sustaining countermeasures and protection mechanisms), to internal and external threats of misuse, abuse, espionage, or attack(s). In complex intra/Internetworked systems or systems of systems, the capability to maintain the referential integrity of the information created, used, stored, and/or transmitted is imperative.

Value of information availability

This focuses on the demand, responsiveness, and accessibility of information resources, as needed, including preservation and recoverability following the manifestation of a disruption or denial of service.

Issue of sensitivity and/or programmatic functional criticality of information

This is determined by an enterprise-wide programmatic assessment of the values of information resources and operational performance(s). The valuation items and/or issues identified are used by management to determine the relevant consequences of both real and perceived loss of information integrity, availability, and confidentiality; and are assigned a weighting factor(s) as to their significance or perceived significance. These valuation items are imperative in determining appropriate strategic and tactical control deployments and justification of associated expenditures to meet business objectives.

Issue of trust

This is a determination resulting from the identification and assessment of where and/or how information resources are assembled, stored, and processed by human or electronic entities/agents/systems. Each process and/or associated agent normally has differing levels of privileges that may impact the integrity of the information resources. The use of trusted agents and systems to establish webs of trust for intra/Internetworked systems demands proactive management of uncertainty in using information resources, and is based upon the assumption that:

Issue of uncertainty

This is the motivational factor in which full certainty of information processing agents, systems, and information resources may not be practically achievable. Proactive minimization of uncertainty demands accountability for risk acceptance. Acceptable levels of risk are measured in terms of those exposures that do not have corresponding safeguards to reduce or eliminate risk(s) due to weaknesses in existing or recently deployed safeguards or protection mechanism design faults, inappropriate application, or issues identified as anomalies resulting from new technology implementations.

Issue of measurability of risk

This focuses on the management of uncertainty surrounding the state of information resources. Uncertainty is identified, quantified, assessed, and used to ascertain residual risk resulting from unavailable or improperly deployed safeguards and protection mechanisms, implementation of new technology, or speculative change (e.g., legislative or regulatory mandates, politics, etc.).
We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the info that the latest version is covering; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.