IT:AD:9A
Summary
Continuing the work done on IT:AD:8A, the following adds Administrable – which is needed to keep focus on adaptability.
Principle
- Accessible (ie: resilient, usable, accessible)
- Meets Dependability Values, And Accessibility Qualities
- Anytime (ie: afterhours, and reduce downtimes).
- Meets Dependability Values, And Accessibility Qualities
- Anywhere (ie: from within and outside of corporate firewalls)
- Meets Accessible and Dependability Values, And Accessibility Qualities
- Anyhow (ie: any channel, any device, that does not require special plugins, client certs, etc.)
- Anyone (ie: available to any system or person – anonymous or identified – but will be filtered Appropriately based on Authorisation)
- Meets Protective Qualities
- Appropriate (ie: provide filtered projections which strip out sensitive data)
- Note that Appropriate implies Authorized, which in turn implies Authenticated. It just changes the check from a binary blocker to a more fluid response (“Return more or less Attributes based on what (Roles/Claims) you provide”)
- Implements Clemency Values
- Meets Resilience Qualities
- Audited (ie: all operations – including Views – are audited, as well as monitored, with alerts raised automatically as required).
- Meets Accountable Values
- Meets Accountability Qualities
- Accounted originally meant the same as Accounted, but with Accounted already there, it is better suited to remind you to Count (ie: counted usage telemetry to understand use cases, and therefore subsequent effort allocation, as well as determining risk profile).
- Administrable means the system can be modified (eg: Profiles, Roles, etc.) by the end user (eg: Self-Service/Self-Admin), or by a dedicated admin staff.
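
One way to implement the Appropriate and Audited principles above, as an added example that is not part of the original page: the caller's claims decide which attributes come back, and every view is written to an audit record. The field names, claim strings and policy table are assumptions made for illustration.

```python
# Added illustration: field names, claim strings and the policy table are hypothetical.
import json
from datetime import datetime, timezone

# Each attribute lists the claims that unlock it; an empty set means public.
FIELD_POLICY = {
    "display_name": set(),
    "department": {"role:staff", "role:hr"},
    "email": {"role:staff", "role:hr"},
    "salary": {"role:hr"},
    "national_id": {"role:hr"},
}

AUDIT_LOG = []  # stand-in for an append-only audit sink


def project(record, claims, subject="anonymous"):
    """Return only the attributes the caller's claims unlock, and audit the view."""
    claims = set(claims)
    visible, withheld = {}, []
    for field, value in record.items():
        required = FIELD_POLICY.get(field)
        # Fail closed: an attribute with no policy entry is never returned.
        if required is not None and (not required or required & claims):
            visible[field] = value
        else:
            withheld.append(field)
    # Views are audited too, including what was withheld from the caller.
    AUDIT_LOG.append({
        "at": datetime.now(timezone.utc).isoformat(),
        "subject": subject,
        "operation": "view",
        "returned": sorted(visible),
        "withheld": sorted(withheld),
    })
    return visible


# Constructed sample record; "internal_notes" deliberately has no policy entry.
RECORD = {"display_name": "A. Example", "department": "Finance",
          "email": "a.example@corp.example", "salary": 90000,
          "national_id": "000-00-0000", "internal_notes": "unclassified field"}

if __name__ == "__main__":
    for who, claims in [("anonymous", []), ("u1", ["role:staff"]), ("u2", ["role:hr"])]:
        print(who, json.dumps(project(RECORD, claims, who)))
    print(json.dumps(AUDIT_LOG[-1], indent=2))
```

An anonymous caller still gets a response (Anyone), just a smaller projection, and the audit record shows which attributes were withheld.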
Notes
It is common for Organisations to confuse the concept of Securing something with Secreting it. The first is a preventative form of protection; the second is simply a vice, diametrically opposed to Transparency and Honesty.