IT:AD:8A
Summary
Continuing the work done on IT:AD:7A, the following adds Accounted – which is needed to keep focus on telemetry.
Principle
- Accessible (ie: resilient, usable, accessible)
  - Meets Dependability Values and Accessibility Qualities
- Anytime (ie: after hours, and with reduced downtime)
  - Meets Dependability Values and Accessibility Qualities
- Anywhere (ie: from within and outside of corporate firewalls)
  - Meets Accessible and Dependability Values, and Accessibility Qualities
- Anyhow (ie: any channel, any device, that does not require special plugins, client certs, etc.)
- Anyone (ie: available to any system or person – anonymous or identified – but will be filtered Appropriately based on Authorisation)
  - Meets Protective Qualities
- Appropriate (ie: provide filtered projections which strip out sensitive data)
  - Note that Appropriate implies Authorised, which implies Authenticated. It just changes the check from a binary blocker to a more fluid response (“Return more or fewer Attributes based on what (Roles/Claims) you provide”)
  - Implements Clemency Values
  - Meets Resilience Qualities
- Audited (ie: all operations – including Views – are audited, as well as monitored, with alerts raised automatically as required)
  - Meets Accountable Values
  - Meets Accountability Qualities
- Accounted originally meant the same as Audited, but with Audited already there, it is better suited to remind you to Count (ie: use counted usage telemetry to understand use cases, and therefore subsequent effort allocation, as well as to determine the risk profile).
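A sketch of how Appropriate, Audited and Accounted can combine on a single read path, added here as an illustration and not taken from the original page. The policy table, role names, function names and sample record are all hypothetical.

```python
from collections import Counter
from datetime import datetime, timezone

# Hypothetical policy: attribute -> roles allowed to see it.
# None means the attribute is public (visible to anonymous callers).
FIELD_POLICY = {
    "id": None,
    "display_name": None,
    "email": {"staff", "hr"},
    "salary": {"hr"},
}

AUDIT_LOG = []     # Audited: one entry per operation, Views included
USAGE = Counter()  # Accounted: counts per (operation, caller kind)

def project(record, roles):
    """Appropriate: return only the attributes the caller's roles permit.

    Attributes missing from FIELD_POLICY are withheld (default deny).
    """
    roles = set(roles)
    visible = {}
    for name, value in record.items():
        if name not in FIELD_POLICY:
            continue
        allowed = FIELD_POLICY[name]
        if allowed is None or roles & allowed:
            visible[name] = value
    return visible

def view(record, caller=None, roles=()):
    """Serve a read for anyone: project it, then audit and count it."""
    result = project(record, roles)
    AUDIT_LOG.append({
        "at": datetime.now(timezone.utc).isoformat(),
        "op": "view",
        "caller": caller or "anonymous",
        "record": record["id"],
        "returned": sorted(result),  # attribute names only, never values
    })
    USAGE["view", "identified" if caller else "anonymous"] += 1
    return result

# Constructed sample record; "notes" has no policy entry on purpose.
SAMPLE = {"id": 7, "display_name": "A. Person", "email": "a@example.org",
          "salary": 50000, "notes": "unclassified field"}
```

An anonymous caller is not refused; it receives the public projection, and the View still lands in both the audit log and the usage counts.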
Notes
It is common for organisations to confuse the concept of Securing something with Secreting it. The first is a preventative form of protection; the second is simply a vice, diametrically opposed to Transparency and Honesty.