LMI Enterprise Architecture and Information Assurance Integration Approach

1
LMI Enterprise Architecture and Information
Assurance Integration Approach

• A Case Study

2
Agenda

• Introduction
• Background/History
• Why Integrate EA and IA
• LMI LEAP Methodology
• Approach to EA IA integration
• Challenges encountered
• Solutions developed

P A G E 2
3
Overview of LMIHistory
Founded in 1961 by Secretary McNamara under the
Kennedy administration to bring the best minds
to bear on solving our governments most complex
management problems
4
Background/History Continued

• LMI is an independent not-for-profit government
  consulting firm
• Located in McLean, VA
• LMI has substantial experience assisting federal
  agencies with IT planning and implementation,
  including EA and IA.

5
Background/History Continued

• Dr. Didier Perdu and Dr. Roxanne Everetts
• LMI Research Fellows
• Members of the EA and IA communities of practice
• Dr. Perdu is the EA Practice Technical Advisor
  over 20 years experience with EA
• Dr. Everetts leads the IA Practice, over 28 years
  experience in IT, last 15 in IA

6
Initial Problem

• LMI was asked to developed an IA EA integration
  implementation plan
• in response to requirements from GAO EAMMF to
  capture security aspects in EA
• Conducted initial research to establish state of
  the practice and identify industry best practice
  for integration approach

7
Findings

• Over-estimated maturity of the practice
• IA requirements are not included in EA models and
  artifacts
• IA has only been routinely integrated into Design
  Phase of the System Development Life Cycle (SDLC)
• Bottom line

There is limited integration between EA and IA
8
Why integrate EA and IA

• EA can be used to express IA throughout SDLC
• EA provides enterprise-wide coordination and
  integration of processes, information, and
  technology
• EA enables multi-layered analysis of managerial,
  technical and operational elements
• EA can enable organizations to meet the challenge
  of ensuring the optimal allocation of resources
  while providing the highest level of security

9
Call to Action

• Based on findings, LMI decided that its EA
  approach, LEAP should be modified to integrate IA
• In response to increasing requests
• To best serve our government clients
• To align our practice with emerging industry
  standards and best practices

10
What is LEAP?

• LMI Enterprise Architecture Practice (LEAP) is
  the approach used by LMI since 2000 to help
  federal agencies develop and implement Enterprise
  Architecture
• LEAP perspective is that EA is more than a set of
  products required to achieve compliance

Interrelationship of architecture layers
11
LMI EA/IA Integration Methodology

• Focus of IRD project to integrate IA into EA
  program
• Formed team of EA and IA specialists
• Reviewed existing EA document
• Reviewed IA controls
• Mapped NIST Security controls to EA process
  layers
• Identified EA products/artifacts to address
  controls

12
Challenges Encountered

• No common taxonomy
• Unsure of impact of IA controls on EA artifacts
• Gap between EA process oriented focus and IA
  system/technology focused approaches
• Lack of Industry Best Practices for integration
  approach

13
Solutions Developed

• Extend BPMN to cover process areas where security
  controls apply
• Bridge gap between process focus vs system focus
• For each IA control, identify changes to related
  EA artifacts to address security

14
Solutions Developed Continued
15
Solutions Developed Continued

• Initiate EA and IA staff orientation sessions
• To develop common understanding and taxonomy
• Transform research into best practices
• Reach out to both the EA and IA communities
• Participate in the public discussion
• Share our experience with the community

16
Next Steps

• Normalize LEAP with Federal Segment Architecture
  Methodology (FSAM)
• Continue to monitor emerging industry standards
  and best practices
• Continue research and development activities

17
For further information

• Dr. Didier Perdu
• 571-633-7757
• DPerdu_at_LMI.org
• Dr. Roxanne Everetts
• 703-917-7271
• REveretts_at_LMI.org

18
Speakers Bio

• Roxanne B. Everetts, DM, CISSP, CISM, CBCP, is a
  Information Assurance Research Fellow at LMI with
  over twenty five years of progressively
  increasing information technology experience,
  including systems administration, database design
  and implementation, open systems migration, staff
  training and management, and general management
  experience. As a Research Fellow at LMI, Dr.
  Everetts uses her extensive technical background
  to provide high-level support in the areas of
  Information Systems Security, Information
  Assurance, Information Operations, and Critical
  Infrastructure Protection.  She provides support
  to multiple government agencies, providing
  functional and operational expertise analyzing
  information security requirements to assist
  customers establishing information assurance and
  defensive information operations programs.  Dr.
  Everetts performs extensive research on policy
  issues for a variety of customers. 
• Dr. Didier Perdu is a Research Fellow with LMI
  Government Consulting and heads the Tools and
  Methods Group of the Enterprise Architecture
  Practice. He has more than twenty years of
  experience in modeling and evaluation of
  enterprise architecture and information systems
  using a variety of methodologies and software
  packages.  Dr. Perdu has worked on many
  Enterprise Architecture projects for government
  clients such as GSA, OMB, US Army, CMS, and GPO.
  Dr Perdu holds a Ph.D. in Information Technology
  from George Mason University and a Master of
  Science in Technology and Policy from MIT.