Introduction
Where or when did information security become an issue? If you look
at the various ages our world has evolved through, we are now in
what we call the Information Age, a period in time during which we
have more data that are related to almost nothing and for which we
try to account. The types of data issues we are faced with include the
following:
• Classifying (not in the security sense but as in filing or
archiving)
• Storing
• Setting destruction standards
• Setting sensitivity standards (personally identifiable information (PII))
• Protecting
• Moving (media bandwidth)
• Controlling—who can access it
• Needless other tasks that produce nothing
And then we have the metadata and the components that accompany it.
Reading this book will not give you just a few reasons why security
is foremost, but reading it and following the procedures will give you
an understanding of your infrastructure and what requires further
attention.
In the Information Age we have created requirements and standards
that for some are hard to understand and follow—or perhaps people
are just plain lazy in doing their jobs. With the recent crash of
the economy, loss of jobs, fleecing of America, and corporations’
continuance to destroy America by outsourcing jobs, job security does
not exist. Information assurance is and will remain the future for all
the “data” created. Now you have to create a new wheel on how to
meet the standards and requirements for infrastructure security. A
mere review of the confidentiality, integrity, and availability is not
andwill never be acceptable in a world that demands privacy.
roughout this book, I will interject my opinion about various
areas and my experience in dealing with customers as a consultant
and how they can manipulate you to produce more than you should
or expect you to overlook what is not completed or planned for the
infrastructure, or is just not happening.
Studies have shown that the enactment of the Paperwork Reduction
Act (44 U.S.C. 3501 et seq.) has placed more of a burden and paper
requirement on the people it was designed to protect than during any
other time in history, and we produce more paper documents than
ever before.
After reading this book you will have the knowledge to better
understand how to evaluate your network, evaluate the business model
of your company, and learn how they fit together in the selection of
the correct systems to support your infrastructure. You will understand
how to perform a business impact analysis and a risk assessment
to further develop your data security needs. Furthermore, your
knowledge of the different processes of the Information Technology
Infrastructure Library (ITIL), Microsoft Operations Framework
(MOF), and business service management will come to light. You
will understand how they are truly derivatives of a security function
that is or is not in place, and you will see how you can implement the
correct level of controls for the specific process. You will also have the
seed to start developing your skills to better understand the 17 families
of management, how they are applied, and at what level they are
applied; you will know what management, operational, and technical
control is and how each is implemented within your infrastructure
(Figure I.1). As a final benefit of this book, you will have the tools to
