Information Architecture plays a critical role in Security and Risk Management
IA_004 Podcast (mp3) Opens Audio File in Browser
In this podcast, Trevor Townsend of the C3I Group, an expert in the field of Security and Risk Management, explains why Information Architecture is critical to the protection of people, property, and information.
The following are notes provided to I.A. Consultants from Mr. Townsend in preparation for this discussion:
Why IA is important, no critical, to security and risk management:
Imagine trying to manage the following process without recognizing:
- The value of accurate and timely information;
- The need for availability of communications with your contacts;
- The contacts' requirements for your information;
- The need to communicate goals and objectives;
- The need to communicate observations and actions; and
- The need to differentiate between urgent, important, and neither
In essence here is the rule: Use each and every stage unless there is a compelling reason not to.
- Statement of value
- Identification of assets
- Threat and Risk Assessments (TRAs)
- Security Controls and Countermeasures design
- Application of safeguards
- Vulnerability
- Stakeholder communications
- Risk accreditation
- Initiate operation - Operations management
- Surveillance and monitoring
- Incident response and management
- Recovery operations and investigations
- Operations maintenance
- Downgrade/Disposal/Termination of value
- Terminate operations
- Impact Assessments
- Review/Revise/Repeat
Creating change within organizations is fundamentally based on the group's capacity to manage, protect, and leverage relevant information on a daily basis. This article by Bob Goodman Change Architecture: Bringing IA to the Business Domain illustrates this point. To quote from the article:
"As IAs we are not just architecting information; we are using information to architect change. In “traditional” information architecture, the target of work is usually a website or a web-based application. Change architecture steps outside of these bounds. The domain is not limited to a web team; it expands to include today’s dynamic business environment and the way people, processes, and tools interact and interoperate. The target is no longer limited to web browsers; rather, it is the minds of those people charged with understanding the broader business landscape and contributing to better business decisions."