ABSTRACT
Table 1.1 Information Assurance and Derivative Terminology .................. 10
Table 2.1 Physical Infrastructure .............................................................. 26
Table 2.2 IA2 Principles ............................................................................ 31
Table 2.3 IA2 Implementation Taxonomy Examples ................................... 47
Table 3.1 IA2 F Views: Intent Examples ..................................................... 53
Table 3.2 First Three IA2 Views by IA Core Principles: Examples ............... 55
Table 3.3 Second Three IA2 Views by IA Core Principles: Examples .......... 56
Table 3.4 IA2 F Views: Environment Examples........................................... 59
Table 3.5 IA2 F Views: Scope Guidance .................................................... 60
Table 3.6 IA2 F Views: Scope Examples ..................................................... 61
Table 3.7 IA2 F Views: Input Guidance ..................................................... 62
Table 3.8 IA2 F Views: Input Examples ...................................................... 63
Table 3.9 IA2 F Views: Analysis Examples .................................................. 65
Table 3.10 IA2 F Views: Identify Output Examples .................................... 66
Table 3.11 CMM Overview ....................................................................... 67
Table 4.1 TPA Rating Template .................................................................. 78
Table 4.2 TPA Rating Guide ...................................................................... 79
Table 4.3 TPA Confidence Level Guide ..................................................... 80
Table 5.1 OCF Layer Relationships (Planning and Implementation) .......... 95
Table 5.2 OCF Layer Relationships (Tracking and Reporting) .................... 96
Table 5.4 Threat Status .............................................................................. 98
Table 5.5 Cost of Asset Loss and Recovery .............................................. 102
Table 5.6 E-Insurance Coverage Options ................................................ 105
Table 5.7 OECD Policy Development Principles ..................................... 114
Table 6.1 IA Core Principles and Relevance to SOA Foundational Attributes .................................................................................................. 133
Table 6.2 Domain Attributes Template .................................................... 135
Table 6.3 Domain Risks Template ........................................................... 136
Table 6.4 Requirements Traceability Table Template ............................... 137
Table 7.1 Wireless Terms ......................................................................... 143
Table 8.1 Privacy Qualifier Examples ...................................................... 182
Table 8.2 Censorship Guidelines ............................................................. 183
Table 8.3 Operations Security Guidelines ............................................... 189
Table 8.4 Business Continuity Best Practices .......................................... 210
Table 8.5 SLAs for Backup/Recovery ...................................................... 220
Table 8.6 Security Controls Overview .................................................... 224
Table 9.1 Aligning IA Mechanisms with IA Core Principles .................... 228
Table 9.2 IA Services and IA Mechanisms in Context of IA Operations Cycle ...................................................................................... 230
Table 9.3 Applied IA2 Template ............................................................... 232
Table 9.4 Homogeneous versus Heterogeneous Environment Benefits and Drawbacks ......................................................................................... 234
Table 9.5 Applied IA2 Summary: Standards ............................................. 235
Table 9.6 Applied IA2 Summary: Anti-Malware ...................................... 237
Table 9.7 Applied IA2 Summary: Firewalls .............................................. 244
Table 9.8 FW Benefits with Respect to IA Core Principles ...................... 246
Table 9.9 Applied IA2 Summary: IDS ...................................................... 247
Table 9.10 Applied IA2 Summary: Honeypots ......................................... 252
Table 9.11 Applied IA2 Summary: PKI ..................................................... 254
Table 9.12 Applied IA2 Summary: Operating System Security ................. 257
2 Management ............................................................................................. 261
Table 9.14 Applied IA2 Summary: Information Infrastructure ................. 264
Table 9.15 OSI Model Perspective of LAN Security ................................ 266
Table 9.16 Applied IA2 Summary: LANs .................................................. 267
Table 9.17 Applied IA2 Summary: Cryptography ..................................... 269
Table 9.18 Cryptographic Business Drivers Linked to IA Core Principles: Overview ................................................................................. 270
Table 9.19 Applied IA2 Summary: E-Commerce Safeguards .................... 272
Table 9.20 Applied IA2 Summary: DQA .................................................. 276
Table 10.1 DoDAF Products and IA2 Relationship .................................. 290
Table 10.2 EA Frameworks ...................................................................... 298
Table 10.3 EA Organizations Reference .................................................. 300
Table 12.1 Personal Objective-Centered Framework .............................. 326
Table 12.2 Business Risk Motivations for Security Framework ................ 331
Table 12.3 Reality Check Framework Guide ........................................... 334
Table 13.1 RCF Guide to IA Justification Questions ............................... 338
Table 13.2 Threat Space Categories and Examples .................................. 341
Table 13.3 IA2 Threat Taxonomy .............................................................. 346
Table 13.4 IA Justification in Potential Business Loss per IA Core Principle .................................................................................................... 361
Table 14.1 IA Architectural Influences .................................................... 372
Table 14.2 Systems Dynamics Factors .................................................... 377
Table 14.3 Future Vision of IA ................................................................ 381
Table 14.4 Future Vision of IA2 ............................................................... 384
Table A.1 Enterprise Dynamics: Intent Details ........................................ 389
Table A.2 IA2 F Views: Intent Details ...................................................... 389
Table A.3 Environment Details ................................................................ 390
Table A.4 IA2 F Views: Environment Details ............................................ 390
Table A.5 IA2 F Views: Scope Details ...................................................... 391
Table A.6 IA2 F Views: Input Details ....................................................... 391
Table A.8 IA2 F Views: Analysis Details ................................................... 392
Table A.9 IA2 F Views: Output Details .................................................... 393
Table A.10 IA2 F Views: Production Details ............................................. 393
Table B.1 IA2 Views by IA Core Principles .............................................. 396
Table B.2 IA2 Views by Reality Check Framework ................................... 397
Table B.3 IA2 Views by Organizational Context Framework .................... 398
Table B.4 IA2 Views by ELCM Phase ........................................................ 399
Table B.5 IA2 Views by the IA2 LoS Elements ........................................... 400
Table B.6 IA2 Views by the ECF Elements ................................................ 401
Table B.7 IA2 Views by Risk Management ............................................... 403
Table C.1 Parameters and Their Characteristics and States ..................... 407
Table C.2 Parameters and Their Characteristics and States (Example) ..... 408
Table C.3 Parameter Quantification ....................................................... 410
Table C.4 Parameter Quantification (Example) ....................................... 410
Table C.5 Parameter Quantification ....................................................... 411
Table C.6 Parameter Quantification (Example) ....................................... 412
Table C.7 Analysis ................................................................................... 412
Table C.8 Analysis (Example) .................................................................. 413
Table C.9 Mockup of Final Results .......................................................... 414
Table D.1 SMP Categories (Based on SP 800-53) .................................... 417
Table D.2 Security Management Plan Framework (SMP Framework) ...... 418
Table E.1 IA2 Details of Security Controls ............................................... 455
Table F.1 NIST References by SMP Categories (as Based on SP 800-53) ................................................................................................ 462
Table G.1 Best Practice References ......................................................... 490
Table H.1 RCA Summary ........................................................................ 497
Table H.2 Organizational Feedback ........................................................ 498
Table H.3 Players .................................................................................... 499
Table H.4 Event Sequence ...................................................................... 500
Table H.6 Procedure Analysis ................................................................. 501
Table H.7 Personnel Analysis .................................................................. 502
Table H.8 Design Analysis ....................................................................... 503
Table H.9 Training Analysis ..................................................................... 504
Table H.10 Management Analysis ........................................................... 504
Table H.11 External Phenomenon Analysis ............................................. 505
Table I.1 Problem Space Category Descriptions ..................................... 510
Table I.2 Problem Statement Guide ........................................................ 511
Table I.3 Personnel and Player’s List ....................................................... 511
Table I.4 People Analysis ......................................................................... 512
Table I.5 Training Analysis ....................................................................... 513
Table I.6 Management Analysis ............................................................... 514
Table I.7 Process ..................................................................................... 515
Table I.8 Equipment/Material Analysis .................................................... 516
Table I.9 Design Analysis ........................................................................ 516
Table I.10 Environmental Analysis .......................................................... 517
Table I.11 Data Analysis ......................................................................... 517
Table I.12 Applications Analysis .............................................................. 518
Table I.13 Final Problem: The Discrete Parts ........................................... 520
Table I.14 Problem Statement Checks/Balance ....................................... 522