The CESG Assurance Model is a framework that comprises four discrete
elements from which Information Assurance can be gained or lost:
- Intrinsic: understanding the risks and mitigations associated with the origins of the individual parts of the ICT solution
- Operational: understanding the activities needed to maintain the risk level of an ICT solution once that solution is in use
- Implementation: understanding the implications of the combined properties of the individual parts and the extent to which they meet the needs of the business
- Extrinsic: understanding gained through independent and post-development examination of the ICT solution or its individual parts
Although these elements appear to map chronologically to the lifecycle
of a product, system or service, greater value can be achieved if
they are considered simultaneously.
For example, a firewall is a simple component that controls access
across an IT network boundary. The policies it applies must reflect
the needs of the business.
Without the Model, an Accreditor managing the risks associated with
a network connection might review the residual risk and determine
that an assured product is needed, but no more.
Using the Model, however, the Accreditor can acquire a broader set
of supporting information and might ask questions such as:
- How much trust will be needed in the supply chain, both now and later? (Intrinsic, Operational)
- How will upgrades or patching be performed? (Intrinsic, Operational)
- Does the hardware or software need to be evaluated to mitigate the risks, or would regular penetration testing be more appropriate? (Extrinsic, Operational)
- Will the firewall be integrated into the business so its security functions aren't degraded? (Implementation)
- Can the firewall be configured to support the access policies that the business needs? (Intrinsic, Implementation)
- How will illicit access attempts be identified, and what will be done if they occur? (Implementation, Operational)
Such questions can be asked at any point in the solution life-cycle,
but are most powerful if asked continuously, for example:
- At the start, when the requirement is identified ("I need to mitigate the risks of illicit network access")
- During delivery, when delivery or procurement decisions are being made ("Will my decision on procurement affect the level of risk to the business?")
- Once the ICT solution has entered use and changes, such as patches or upgrades, are required ("Do I need to place the same level of trust in my supply chain for system patches?")
The diagram below shows the Model, with some example, illustrative
considerations.