IT:AD:7A

Summary

Continuing the work done on IT:AD:6A, the following adds Available, which is needed to keep focus on delivering both resilient and managed systems. Resilient systems provide horizontal scaling in order to handle unexpectedly high usage, as well as DoS attacks, and managed systems imply monitoring, alerting, backups, etc. At a stretch it also implies Usability and Accessibility – both are very important, but they are beyond the scope of security.

Principle

  • Accessible (ie: resilient, usable, accessible)
  • Anytime (ie: after hours, and with reduced downtime)
  • Anywhere (ie: from within and outside of corporate firewalls)
    • Meets Accessible and Dependability Values, and Accessibility Qualities
  • Anyhow (ie: any channel, any device, that does not require special plugins, client certs, etc.)
  • Anyone (ie: available to any system or person – anonymous or identified – but will be filtered Appropriately based on Authorisation)
    • Meets Protective Qualities
  • Appropriate (ie: provide filtered projections which strip out sensitive data)
    • Implements Clemency Values
    • Meets Resilience Qualities
  • Audited (ie: all operations – including Views – are audited, as well as monitored, with automatic alerts raised as required)
    • Meets Accountable Values
    • Meets Accountability Qualities

Notes

  • Appropriate implies Authorized, which in turn implies Authenticated, so IT:AD:3A concerns are met.
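
The Anyone, Appropriate and Audited principles above can be sketched together as follows. This is an added example, not part of the original page: the record, role names, `PROJECTIONS` table and in-memory `AUDIT_LOG` are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample record (hypothetical, not from the page).
RECORD = {"id": 17, "name": "A. Example", "email": "a@example.org",
          "salary": 72000, "notes": "constructed sample"}

# Fields each role may see; anything not listed is stripped (default deny).
PROJECTIONS = {
    "anonymous": {"id", "name"},
    "staff": {"id", "name", "email"},
    "hr": {"id", "name", "email", "salary", "notes"},
}

AUDIT_LOG = []  # stand-in for an append-only audit store


@dataclass(frozen=True)
class Caller:
    subject: str = "anonymous"  # authenticated identity, or "anonymous"
    role: str = "anonymous"     # input to the authorisation decision


def audit(caller, operation, record_id, fields):
    """Record every operation, reads (Views) included."""
    AUDIT_LOG.append({
        "at": datetime.now(timezone.utc).isoformat(),
        "subject": caller.subject, "role": caller.role,
        "operation": operation, "record": record_id,
        "fields": sorted(fields),
    })


def view(record, caller):
    """Return the projection of `record` appropriate to the caller, and audit it."""
    # Anyone may call; unknown roles get the anonymous projection, never more.
    allowed = PROJECTIONS.get(caller.role, PROJECTIONS["anonymous"])
    projection = {k: v for k, v in record.items() if k in allowed}
    audit(caller, "view", record["id"], projection.keys())
    return projection


if __name__ == "__main__":
    for c in (Caller(), Caller("alice", "staff"), Caller("bob", "hr"),
              Caller("eve", "root")):
        print(c.role, view(RECORD, c))
    print(len(AUDIT_LOG), "audit entries")
```

The audit entry records which fields were actually released, so a later review can tell what each subject saw, not just that a view occurred.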