ABSTRACT
The IA2 approach is exclusively for information assurance. You may use IA2 to integrate IA into FEA, Zachman, DoDAF, or other enterprise architecture approaches to effectively identify and address business risk. All too often security is an afterthought that causes service delays and increases organizational risk by not integrating with business processes, performance goals, and technical solutions. Identifying risk and inserting appropriate risk mitigation throughout the EA process and overall enterprise life cycle management (ELCM) is more effective than after-the-fact bolt-on of IA. IA integration from inception is far more efficient from the perspectives of development and implementation cost, operations, and overall performance value. The enterprise architect or the IA architect should apply IA2 throughout the enterprise architecture (EA) process.
