session 7 - infosecurity-itarchitecture - alecia heng
TRANSCRIPT
The use, disclosure, reproduction, modification, transfer, or transmittal of this work without the written permission of IASA is strictly prohibited. © IASA 2010
Alecia Heng
Vice President of Education, IASA Asia Pacific
W: http://www.iasahome.org
IT Architecture Resilience in the face of the Storm
Agenda
The context of IT Architecture
The Top 5 Information security breaches
How ITABOK addresses IT Security?
Conclusion
IT Architecture Landscape based on F-T-S
• IT Architecture based on Frameworks and Technologies mostly requires re-learning & re-certification for every new release AND is typically Technology, Platform & Vendor specific
• The IASA IT Architecture Training, Certification & Career Path are based on ITABOK - IT Architecture Skills Sets
F (Existing): IT Architecture Frameworks e.g.: TOGAF, DODAF, MODAF, FEAF, Zachman Enterprise Architecture Framework, etc
T (Existing): IT Architecture Technologies e.g.: IBM Technology, Cisco Technology, Oracle Technology, Microsoft Technology, Database Technology, Java & .NET Platforms, etc
S (New, since 2009): IT Architecture Skill Sets by IASA and based on ITABOK i.e. IT Architecture Body of Knowledge
The Analogy of IT Architecture F-T-S with World of Music
• By having the right IT Architecture skills, one can create their own IT Architecture Frameworks and adopt the right technologies & platforms
• IT Architecture skills provide a lifelong learning journey
F: IT Architecture Frameworks Analogy: Various Musical Styles e.g. Pop, Jazz, Classical, Rock, Traditional, Disco, etc
T: IT Architecture Technologies Analogy: Various Musical Instruments e.g. Drums, Flute, Guitar, Piano, Violin, etc
S: IT Architecture Skill Sets Analogy: Music skills that allow you to compose songs, play music, adopt musical style and choose musical instruments
IT Challenges: Understanding Business Requirements
Physical World
IT World
IT Challenges: Communicating Design
“IF YOU CAN NOT DESCRIBE IT, THEN YOU CANNOT IMPLEMENT IT !!!”
The Intractable Challenges in typical IT Project
Diagram labels: IT Systems/Applications; IT Infrastructure; Architecture Blueprint; IT Governance; Business Strategy; IT Architecture Strategy; Business, User & Functional Requirements
Business Strategy:
- Not promises
- Not about What to do
- Focus on How to do
- Have execution plan
- Continuous validation and verification
IT Systems Challenges: Many Islands of IT Projects
• Project 1: Project Team 1
• Project 2: Project Team 2
• Project 3: Project Team 3
• Project n…: Project Team n…
• EAI Project: EAI Project A, EAI Project B
IT Project Failures are Norm in our Industry?
• 60%-70%: The rate of IT projects that failed in some way (Standish & Gartner Report)
• 66%: The rate of miscommunication between business and IT that caused IT project failure, costing U.S. businesses at least $30 billion every year. (Forrester Research)
The IT Architecture Formal Definition by IASA
Refer to definition of other Existing Professions?
IT Architecture (IASA): The art and science of designing and delivering valuable technology strategy for the business. i.e. the IT Architecture profession.
Medicine: The art and science of treating disease with drugs or curative substances, as distinguished from surgery and obstetrics. i.e. the medical profession.
Building Architecture: The art and science of designing and erecting buildings. i.e. the building architecture profession.
IT Architecture Body Of Knowledge enables IT Architect as Technology Strategist for the Business
Foundation Body of Knowledge
Software Architecture
Infrastructure Architecture
Enterprise Architecture
Business Technology Strategy
IT Environment
Quality Attributes
Human Dynamics
Design
Information Architecture
Business Architecture
Competitive Advantage
Business Network
Valuable Assets
Economy Factor
Unique Posture Capability
Robustness
Relevancy
Alignment
Addressing IT & Business Challenges by IT Architecture
“Agility” is the ability of an organization to sense environmental change, and respond efficiently and effectively to that change.
IT & Business Agility:
• Awareness (Right Information): Knowing what is going on
• Productivity (Right Processes and Operations): Executing well day-to-day
• Flexibility (Right Options): Confronting expected change
• Adaptability (Right Reactions): Confronting unexpected change
Information Architecture, Software Architecture, Infrastructure Architecture, Business Architecture
Who Can Become an IT Architect? (yesterday)
• Anyone who has more than 10 years of IT project implementation experience
• Has performed various IT roles such as developer, system analyst, project manager, network/server engineer, PMO, CTO, etc
• Failed in a couple of large IT projects and burned millions of dollars without being put in jail
Who Can Become an IT Architect? (today)
• Anyone who has some interest in becoming an IT Architect and in understanding the value of the business and technology relationship
• With ITABOK, you DO NOT need 10 years of IT experience, NOR do you have to:
o be a programmer
o be an IT expert
o be gifted
o be old
No. 1… Information Security Breach
No. 2… Information Security Breach
Using Personal Email to Send Work-Related Files
No. 3… Information Security Breach
Files/data SHUFFLING to personal email/hard disk
No. 4… Information Security Breach
Stolen or Lost Devices/Notebooks
No. 5… Information Security Breach
Information Leakage via Web Site Outbound Posts
Body of Knowledge in other Established Professions
Medical Profession / Doctor
Legal / Lawyers
Quality Attributes Described
Foundation Body of Knowledge
Software Architecture
Infrastructure Architecture
Enterprise Architecture
Business Technology Strategy
IT Environment
Quality Attributes
Human Dynamics
Design
Information Architecture
Business Architecture
• They represent horizontal concerns across all aspects of technology strategy and IT Architecture.
• They are the key in architecting and designing a robust system and are affected by:
– Time
– Cost
– Requirements
– Skilled Resources
Quality Attributes – Survey Says
Skill | Essential | Very important | Somewhat important | Not very important | Not applicable at all | Priority for Career Focus
General Quality Attribute skills (category rating) | 22.0% (87) | 50.8% (201) | 23.7% (94) | 2.8% (11) | 0.8% (3) | 73%
Monitoring and Management | 21.3% (85) | 50.9% (203) | 23.3% (93) | 4.5% (18) | 0.0% (0) | 72%
IT Security | 54.5% (217) | 37.7% (150) | 7.8% (31) | 0.0% (0) | 0.0% (0) | 92%
Balancing and Optimizing Quality Attributes | 29.6% (118) | 54.6% (218) | 14.8% (59) | 1.0% (4) | 0.0% (0) | 84%
Performance | 40.9% (164) | 48.4% (194) | 10.0% (40) | 0.7% (3) | 0.0% (0) | 89%
Reliability, Availability, Scalability | 59.1% (237) | 37.2% (149) | 3.7% (15) | 0.0% (0) | 0.0% (0) | 96%
Manageability, Maintainability | 44.2% (176) | 45.2% (180) | 9.3% (37) | 1.3% (5) | 0.0% (0) | 89%
Extensibility, and Flexibility | 44.1% (177) | 50.1% (201) | 5.0% (20) | 0.7% (3) | 0.0% (0) | 94%
Usability, Localization, Accessibility, Personalization | 31.3% (123) | 44.0% (173) | 20.4% (80) | 4.1% (16) | 0.3% (1) | 75%
Other (please list and describe): 6
Answered question: 402; skipped question: 132
IT Security
• IT Security covers a broad field cutting across all aspects of IT projects:
– Regularly review compliance issues
– Guide technical teams in security implementation
– Develop security strategy to secure baseline
• Tools and resources:
– Various security tools from products to frameworks
– http://www.itsecurity.com
IT Architect Skills Analysis (0-10)
1. I am aware of basic security principles and concepts – 2 pts
2. I have studied security as a field – 3 pts
3. I have used industry standard security components on projects (NOT HTTPS) – 4 pts
4. I regularly review security infrastructure for the enterprise – 5 pts
5. I lead the field in an aspect of security – 6 pts
Cost of not knowing
1. Monetary loss from hackers
2. Poor customer relations
3. Regulatory compliance matters
Performance
• Facts about performance:
– Performance is expensive
– Everyone wants more than they need
– No one gives accurate requirements
– It has a direct customer impact
• Always get a concurrency and performance count before you create an IT Architecture solution
• Tools and resources:
– Code analysis
– Performance testing suites
IT Architect Skills Analysis (0-10)
1. I am aware of the elements of enterprise performance – 2 pts
2. I have used numerous performance tools – 4 pts
3. I have led the adoption of performance standards – 5 pts
4. I regularly mentor teams on performance analysis and delivery – 6 pts
5. I impact the industry understanding of performance capabilities – 6 pts
Cost of not knowing
1. Huge customer impact
2. IT becomes a stopper to business operations
Example of Quality Attributes Trade-Off
Given a specific Time, Cost, Requirement and Resources, below are some of the Quality Attributes metrics:
The Industry needs IT Architects – 2010 The Best Job in the US is Software Architect among Top 100 Jobs
IT Architect Seniority on par with the Senior Level of IT Management
http://www.computerworld.com/spring/salary-survey/2011/job_level/5
IT Architect Career Map Defined by IASA
IT Architecture & Standard Practices
Conclusion
IT Architecture excellence must be accompanied by the “Right” IT Security Strategy, starting right from Business Requirements
Thank You and Q&A