IT:AD:7A
Summary
Continuing the work done on IT:AD:6A, the following adds Available, which is needed to keep focus on delivering both resilient and managed systems. Resilient systems provide horizontal scaling in order to handle unexpectedly high usage as well as DoS attacks, and managed systems imply monitoring, alerting, backups, etc. At a stretch it also implies Usability and Accessibility, which are both very important but are beyond the scope of security.
Principle
- Accessible (i.e. resilient, usable, accessible)
  - Meets Dependability Values, and Accessibility Qualities
- Anytime (i.e. after hours, and with reduced downtime)
  - Meets Dependability Values, and Accessibility Qualities
- Anywhere (i.e. from within and outside of corporate firewalls)
  - Meets Accessible and Dependability Values, and Accessibility Qualities
- Anyhow (i.e. any channel, any device, that does not require special plugins, client certs, etc.)
- Anyone (i.e. available to any system or person, anonymous or identified, but filtered Appropriately based on Authorisation)
  - Meets Protective Qualities
- Appropriate (i.e. provide filtered projections which strip out sensitive data)
  - Implements Clemency Values
  - Meets Resilience Qualities
- Audited (i.e. all operations, including Views, are audited, as well as monitored, with alerts raised automatically as required)
  - Meets Accountable Values
  - Meets Accountability Qualities
Notes
- Appropriate implies Authorized, which in turn implies Authenticated, so IT:AD:3A concerns are met.
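
An added example (not part of the original page) showing how Anyone, Appropriate and Audited can combine in one read path: every caller gets a response, the projection is filtered by role, and the view itself is audited. The role names, field policy, `Caller`, `AuditLog` and `view` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed policy: the lowest role allowed to see each field.
# Fields absent from the policy are never projected (default deny).
ROLE_RANK = {"anonymous": 0, "staff": 1, "admin": 2}
FIELD_POLICY = {"id": "anonymous", "display_name": "anonymous",
                "email": "staff", "tax_number": "admin"}

@dataclass
class Caller:
    subject: Optional[str] = None   # None means unauthenticated
    role: str = "anonymous"         # role claimed for this caller

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, subject, role, operation, resource, fields):
        self.entries.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "subject": subject or "anonymous", "role": role,
            "operation": operation, "resource": resource,
            "fields": sorted(fields),
        })

def effective_role(caller):
    # Appropriate implies Authorised implies Authenticated: a role claim
    # without an authenticated subject, or an unknown role, is anonymous.
    if caller.subject is None or caller.role not in ROLE_RANK:
        return "anonymous"
    return caller.role

def view(record, caller, audit):
    """Return the projection of record appropriate for caller and audit the view."""
    role = effective_role(caller)
    rank = ROLE_RANK[role]
    projection = {k: v for k, v in record.items()
                  if k in FIELD_POLICY and ROLE_RANK[FIELD_POLICY[k]] <= rank}
    # Audited: reads are logged too, with field names only, never values.
    audit.record(caller.subject, role, "view", record.get("id"), projection)
    return projection

# Constructed sample record; password_hash has no policy entry.
SAMPLE = {"id": 42, "display_name": "A. Example", "email": "a@example.test",
          "tax_number": "000-000-000", "password_hash": "constructed"}
```

Logging field names rather than values keeps the audit trail from becoming a second copy of the sensitive data it protects.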