IT:AD:9A

Summary

Continuing the work done on IT:AD:8A, the following adds Administrable – which is needed to keep focus on adaptability.

Principle

  • Accessible (ie: resilient, usable, accessible)
  • Anytime (ie: afterhours, and reduce downtimes).
  • Anywhere (ie: from within and outside of corporate firewalls)
    • Meets Accessible and Dependability Values, And Accessibility Qualities
  • Anyhow (ie: any channel, any device, that does not require special plugins, client certs, etc.)
  • Anyone (ie: available to any system or person – anonymous or identified – but will be filtered Appropriately based on Authorisation)
    • Meets Protective Qualities
  • Appropriate (ie: provide filtered projections which strip out sensitive data)
    • Note that Appriopriate implies Authorized implies Authenticated. It just changes it from a Binary blocker to a more fluid response (“Return more or less Attributes based on what (Roles/Claims) you provide”)
    • Implements Clemency Values
    • Meets Resilience Qualities
  • Audited (ie: all – including Views – operations are audited, as well as monitored and automatically alert as required).
    • Meets Accountable Values,
    • Meets Accountability Qualities
  • Accounted originally meant same as Accounted, but with Accounted already there, is better suited to remind you to Count (ie: counted used telemetry to understand use cases, and therefore subsequent effort allocation, as well as determining risk profile).
  • Administerable means the system can be modified (eg: Profiles, Roles, etc.) by the end use (eg: Self-Service/Self-Admin), or an dedicated admin staff.

Notes

It is common for Organisation's to confuse the concept of Securing something, and Secreting. The first is an preventative form of protection, the second is simply a vice, diametrically opposed to Transparency and Honesty.