Presentation is loading. Please wait.

Presentation is loading. Please wait.

LMI Enterprise Architecture and Information Assurance Integration Approach A Case Study.

Similar presentations


Presentation on theme: "LMI Enterprise Architecture and Information Assurance Integration Approach A Case Study."— Presentation transcript:

1 LMI Enterprise Architecture and Information Assurance Integration Approach A Case Study

2 P A G E 2 Agenda Introduction Background/History Why Integrate EA and IA LMI LEAP Methodology Approach to EA IA integration Challenges encountered Solutions developed P A G E 2

3 P A G E 3 Overview of LMI—History Founded in 1961 by Secretary McNamara under the Kennedy administration “…to bring the best minds to bear on solving our government’s most complex management problems”

4 P A G E 4 Background/History —Continued LMI is an independent not-for-profit government consulting firm –Located in McLean, VA LMI has substantial experience assisting federal agencies with IT planning and implementation, including EA and IA.

5 P A G E 5 Background/History —Continued Dr. Didier Perdu and Dr. Roxanne Everetts LMI Research Fellows –Members of the EA and IA communities of practice Dr. Perdu is the EA Practice Technical Advisor; over 20 years experience with EA Dr. Everetts leads the IA Practice, over 28 years experience in IT, last 15 in IA

6 P A G E 6 Initial Problem LMI was asked to developed an IA EA integration implementation plan – in response to requirements from GAO EAMMF to capture security aspects in EA Conducted initial research to establish state of the practice and identify industry best practice for integration approach

7 P A G E 7 Findings Over-estimated maturity of the practice IA requirements are not included in EA models and artifacts IA has only been routinely integrated into Design Phase of the System Development Life Cycle (SDLC) Bottom line: There is limited integration between EA and IA

8 P A G E 8 Why integrate EA and IA EA can be used to express IA throughout SDLC EA provides enterprise-wide coordination and integration of processes, information, and technology EA enables multi-layered analysis of managerial, technical and operational elements EA can enable organizations to meet the challenge of ensuring the optimal allocation of resources while providing the highest level of security

9 P A G E 9 Call to Action Based on findings, LMI decided that its EA approach, LEAP should be modified to integrate IA –In response to increasing requests –To best serve our government clients –To align our practice with emerging industry standards and best practices

10 P A G E 10 What is LEAP? LMI Enterprise Architecture Practice (LEAP) is the approach used by LMI since 2000 to help federal agencies develop and implement Enterprise Architecture LEAP perspective is that EA is more than a set of products required to achieve compliance Interrelationship of architecture layers

11 P A G E 11 LMI EA/IA Integration Methodology Focus of IR&D project to integrate IA into EA program Formed team of EA and IA specialists Reviewed existing EA document Reviewed IA controls Mapped NIST Security controls to EA process layers Identified EA products/artifacts to address controls

12 P A G E 12 Challenges Encountered No common taxonomy Unsure of impact of IA controls on EA artifacts Gap between EA process oriented focus and IA system/technology focused approaches Lack of Industry Best Practices for integration approach

13 P A G E 13 Solutions Developed Extend BPMN to cover process areas where security controls apply –Bridge gap between process focus vs system focus For each IA control, identify changes to related EA artifacts to address security

14 P A G E 14 Solutions Developed —Continued

15 P A G E 15 Solutions Developed —Continued Initiate EA and IA staff orientation sessions –To develop common understanding and taxonomy Transform research into best practices –Reach out to both the EA and IA communities –Participate in the public discussion –Share our experience with the community

16 P A G E 16 Next Steps Normalize LEAP with Federal Segment Architecture Methodology (FSAM) Continue to monitor emerging industry standards and best practices Continue research and development activities

17 P A G E 17 For further information Dr. Didier Perdu Dr. Roxanne Everetts

18 P A G E 18 Speakers’ Bio Roxanne B. Everetts, DM, CISSP, CISM, CBCP, is a Information Assurance Research Fellow at LMI with over twenty five years of progressively increasing information technology experience, including systems administration, database design and implementation, open systems migration, staff training and management, and general management experience. As a Research Fellow at LMI, Dr. Everetts uses her extensive technical background to provide high-level support in the areas of Information Systems Security, Information Assurance, Information Operations, and Critical Infrastructure Protection. She provides support to multiple government agencies, providing functional and operational expertise analyzing information security requirements to assist customers establishing information assurance and defensive information operations programs. Dr. Everetts performs extensive research on policy issues for a variety of customers. Dr. Didier Perdu is a Research Fellow with LMI Government Consulting and heads the Tools and Methods Group of the Enterprise Architecture Practice. He has more than twenty years of experience in modeling and evaluation of enterprise architecture and information systems using a variety of methodologies and software packages. Dr. Perdu has worked on many Enterprise Architecture projects for government clients such as GSA, OMB, US Army, CMS, and GPO. Dr Perdu holds a Ph.D. in Information Technology from George Mason University and a Master of Science in Technology and Policy from MIT.


Download ppt "LMI Enterprise Architecture and Information Assurance Integration Approach A Case Study."

Similar presentations


Ads by Google