Thursday, April 27, 2006

Information Architecture plays a critical role in Security and Risk Management

IA_004 Podcast (mp3) Opens Audio File in Browser

In this podcast, Trevor Townsend of the C3I Group, an expert in the field of Security and Risk Management, explains why Information Architecture is critical to the protection of people, property, and information.

The following are notes provided to I.A. Consultants from Mr. Townsend in preparation for this discussion:

Why IA is important, no critical, to security and risk management:

Imagine trying to manage the following process without recognizing:
  • The value of accurate and timely information;
  • The need for availability of communications with your contacts;
  • The contacts' requirements for your information;
  • The need to communicate goals and objectives;
  • The need to communicate observations and actions; and
  • The need to differentiate between urgent, important, and neither
In brief, the whole security and risk management process...
In essence here is the rule: Use each and every stage unless there is a compelling reason not to.

  1. Statement of value
  2. Identification of assets
  3. Threat and Risk Assessments (TRAs)
  4. Security Controls and Countermeasures design
  5. Application of safeguards
  6. Vulnerability
  7. Stakeholder communications
  8. Risk accreditation
  9. Initiate operation - Operations management
  10. Surveillance and monitoring
  11. Incident response and management
  12. Recovery operations and investigations
  13. Operations maintenance
  14. Downgrade/Disposal/Termination of value
  15. Terminate operations
  16. Impact Assessments
  17. Review/Revise/Repeat
Mr. Townsend notes that a good exercise would be to pick something; anything of value you want to protect, apply this, and think it through...For Security and Risk Management people, imagine doing that with information chaos!

Creating change within organizations is fundamentally based on the group's capacity to manage, protect, and leverage relevant information on a daily basis. This article by Bob Goodman Change Architecture: Bringing IA to the Business Domain illustrates this point. To quote from the article:

"As IAs we are not just architecting information; we are using information to architect change. In “traditional” information architecture, the target of work is usually a website or a web-based application. Change architecture steps outside of these bounds. The domain is not limited to a web team; it expands to include today’s dynamic business environment and the way people, processes, and tools interact and interoperate. The target is no longer limited to web browsers; rather, it is the minds of those people charged with understanding the broader business landscape and contributing to better business decisions."

Saturday, April 01, 2006

future guests, persona development, IA Summit

IA_003 Podcast (mp3) Opens Audio File in Browser

Future Guests, Personas, Wrap-up of the IA Summit

This show talks about future guests, the value-add of persona development, and a wrap-up of the I.A. Summit.

C3I Group - Trevor Townsend will be a future guest on the show talking about security and risk management.

Eric Scheid - Ironclad

Olga Howard - Beaconfire

Noreen Whysel - Whysel and the IAWiki

Stig Anderson - defining IA

Call to IAs and other professionals to participate in future shows

Hays Specialist Recruitment

Communicating via Comics
My mistake - I said it was Jess in the podcast, obviously it's Peter in the presentation! Too many names and projects on the brain. The presentation itself is by Kevin Cheng and Jane Jao at Yahoo!

delicious - use the keyword iasummit2006 in the search box to find publications from the IA Summit this year.

5 minute wrap up from the IA Summit

The Chicken Test