Information Architecture plays a critical role in Security and Risk Management

IA_004 Podcast (mp3) Opens Audio File in Browser

In this podcast, Trevor Townsend of the C3I Group, an expert in the field of Security and Risk Management, explains why Information Architecture is critical to the protection of people, property, and information.

The following are notes provided to I.A. Consultants from Mr. Townsend in preparation for this discussion:

Why IA is important, no critical, to security and risk management:

Imagine trying to manage the following process without recognizing:

• The value of accurate and timely information;
• The need for availability of communications with your contacts;
• The contacts' requirements for your information;
• The need to communicate goals and objectives;
• The need to communicate observations and actions; and
• The need to differentiate between urgent, important, and neither

In brief, the whole security and risk management process...
In essence here is the rule: Use each and every stage unless there is a compelling reason not to.

1. Statement of value
2. Identification of assets
3. Threat and Risk Assessments (TRAs)
4. Security Controls and Countermeasures design
5. Application of safeguards
6. Vulnerability
7. Stakeholder communications
8. Risk accreditation
9. Initiate operation - Operations management
10. Surveillance and monitoring
11. Incident response and management
12. Recovery operations and investigations
13. Operations maintenance
14. Downgrade/Disposal/Termination of value
15. Terminate operations
16. Impact Assessments
17. Review/Revise/Repeat

Mr. Townsend notes that a good exercise would be to pick something; anything of value you want to protect, apply this, and think it through...For Security and Risk Management people, imagine doing that with information chaos!

Creating change within organizations is fundamentally based on the group's capacity to manage, protect, and leverage relevant information on a daily basis. This article by Bob Goodman Change Architecture: Bringing IA to the Business Domain illustrates this point. To quote from the article:

"As IAs we are not just architecting information; we are using information to architect change. In “traditional” information architecture, the target of work is usually a website or a web-based application. Change architecture steps outside of these bounds. The domain is not limited to a web team; it expands to include today’s dynamic business environment and the way people, processes, and tools interact and interoperate. The target is no longer limited to web browsers; rather, it is the minds of those people charged with understanding the broader business landscape and contributing to better business decisions."