Information assurance architecture / Keith D. WIllett.

"An Auerbach book."

Includes bibliographical references (pages 555-557) and index.

Author's note -- Preface -- Acknowledgments -- Section 1: IA2 -- 1: Foundational concepts for IA2 -- 1-1: Introduction -- 1-2: Objective -- 1-3: Foundations of successful architecture -- 1-4: Ontologies, taxonomies, and hierarchies -- 1-5: Context and perspective -- 1-6: Identify, enumerate, articulate, and address -- 1-7: Summary and conclusion -- 2: IA2 framework -- 2-1: Introduction -- 2-2: Objectives -- 2-3: IA2 framework details -- 2-4: IA2 architectural drivers -- 2-5: IA2 views -- 2-6: IA core principles -- 2-7: IA2 principles -- 2-8: IA compliance requirements -- 2-9: Aligning IA with ELCM -- 2-10: IA2 Compliance verification -- 2-11: IA2 line of sight -- 2-12: Conclusion and commentary -- 3: IA2 process -- 3-1: Introduction -- 3-2: Objectives -- 3-3: IA2 process -- 3-4: Conclusion and commentary -- 4: IA quantification -- 4-1: Introduction -- 4-2: Objectives -- 4-3: IA quantification framework (IAQF) -- 4-4: IA quantification process (IAQP) -- 4-5: Conclusion and commentary -- Section 2: Applied IA2 -- 5: Organizational views of IA -- 5-1: Introduction -- 5-2: Objectives -- 5-3: Message of IA to the organization -- 5-4: Governance and IA -- 5-5: Management and IA -- 5-6: Builders and IA -- 5-7: Operations and IA -- 5-8: Users and IA -- 5-9: Leadership and IA -- 5-10: Commentary and conclusion -- 6: IA business drivers -- 6-1: Introduction -- 6-2: Objectives -- 6-3: IA requirements engineering and compliance management -- 6-4: IA requirement engineering and SE -- 6-5: Requirements traceability -- 6-6: Conclusion and commentary -- 7: IA technical drivers -- 7-1: Introduction -- 7-2: Objectives -- 7-3: IA2 technology drivers -- 7-4: Wireless networks: an example -- 7-5: Communications (voice and data): an example -- 7-6: Conclusion and commentary -- 8: IA2: Context of IA services -- 8-1: Introduction -- 8-2: Objectives -- 8-3: IA services -- 8-4: IA compliance management program -- 8-5: IA assessment and audit -- 8-6: Policy management -- 8-7: Security education, training, and awareness management -- 8-8: Privacy -- 8-9: Enterprise operations management: IA context -- 8-10: Computer security incident response team (CSIRT) -- 8-11: Vulnerability management -- 8-12: Digital forensics -- 8-13: Business impact assessment -- 8-14: Business continuity management -- 8-15: Disaster recovery planning (DRP) and disaster recovery management (DRM) -- 8-16: Backup and recovery -- 8-17: Security controls -- 8-18: Conclusion and commentary -- 9: IA2: Context of IA mechanisms -- 9-1: Introduction -- 9-2: Objectives -- 9-3: IA2 context of IA mechanisms -- 9-4: Organizational context of IA mechanisms -- 9-5: Security standards -- 9-6: Anti-malware -- 9-7: Firewalls -- 9-8: Intrusion detection systems -- 9-9: Honeypots -- 9-10: Public key infrastructure (PKI) and certificate authority (CA) -- 9-11: OS security -- 9-12: Identity and privilege management -- 9-13: Protecting the information infrastructure -- 9-14: Local area networks -- 9-15: Cryptography -- 9-16: E-commerce safeguards -- 9-17: Development quality assurance -- 9-18: Commentary and conclusion -- 10: Aligning IA2 and EA standards -- 10-1: Introduction -- 10-2: Objectives -- 10-3: Federal enterprise architecture (FEA): an introduction -- 10-4: DoDAF products overview -- 10-5: List of EA frameworks -- 10-6: Commentary -- Section 3: IA2 Enterprise Context -- 11: Framework perspective -- 11-1: Introduction -- 11-2: Frameworks as decision support tools -- 11-3: Organizational structure context framework -- 12: Frameworks -- 12-1: Introduction -- 12-2: Objectives -- 12-3: Enterprise context framework -- 12-4: Enterprise perspective of IA framework -- 12-5: Innovation framework -- 12-6: EA framework -- 12-7: ROI framework -- 12-8: Awareness, training, and education (ATE) framework -- 12-9: SATE framework -- 12-10: SE framework -- 12-11: Enterprise life cycle management (ELCM) framework -- 12-12: Security framework -- 12-13: Risk management framework -- 12-14: Security management program framework -- 12-15: Reality check framework (RCF) -- 12-16: Summary -- 12-17: IA2 framework context -- 13: IA justification -- 13-1: Introduction -- 13-2: Objectives -- 13-3: ROI justification -- 13-4: IA justification based on examining the threat space -- 13-5: Expanding on the adversary threat space -- 13-6: Consequences -- 13-7: IA operations cycle as IA justification -- 13-8: Empirical evidence -- 13-9: Compliance requirements -- 13-10: IA justification summary -- 14: Future of IA and IA2 -- 14-1: Introduction -- 14-2: Objectives -- 14-3: Future vision -- 14-4: Future of IA -- 14-5: Future of IA2 -- Appendix A: IA2 process template -- Appendix B: Templates of IA2 F views -- Appendix C: IA quantification process template -- Appendix D: Security management program framework -- Appendix E: Security management program template outline -- Appendix F: NIST document applicability template -- Appendix G: IA standards best practices references -- Appendix H: Root cause analysis template -- Appendix I: Problem assertion document template -- Appendix J: Privacy management program outline -- Appendix K: E-insurance -- Appendix L: Reading list -- Glossary -- References -- List of figures -- List of tables -- Index.

From the Publisher: Safeguard Your Organization's Information! Now that information has become the lifeblood of your organization, you must be especially vigilant about assuring it. The hacker, spy, or cyber-thief of today can breach any barrier if it remains unchanged long enough or has even the tiniest leak. In Information Assurance Architecture, Keith D. Willett draws on his over 25 years of technical, security, and business experience to provide a framework for organizations to align information assurance with the enterprise and their overall mission. The Tools to Protect Your Secrets from Exposure. This work provides the security industry with the know-how to create a formal information assurance architecture that complements an enterprise architecture, systems engineering, and the enterprise life cycle management (ELCM). Information Assurance Architecture consists of a framework, a process, and many supporting tools, templates and methodologies. The framework provides a reference model for the consideration of security in many contexts and from various perspectives; the process provides direction on how to apply that framework. Mr. Willett teaches readers how to identify and use the right tools for the right job. Furthermore, he demonstrates a disciplined approach in thinking about, planning, implementing and managing security, emphasizing that solid solutions can be made impenetrable when they are seamlessly integrated with the whole of an enterprise. Understand the Enterprise Context. This book covers many information assurance subjects, including disaster recovery and firewalls. The objective is to present security services and security mechanisms in the context of information assurance architecture, and in an enterprise context of managing business risk. Anyone who utilizes the concepts taught in these pages will find them to be a valuable weapon in the arsenal of information protection.