So check this out–H2Glow has an LED faucet light that is temperature sensitive and turns blue for cold water and red for hot.
The Information Management Framework (IMF) provides a holistic view of the categories and components of effective information architecture.
These categories include the following:
Information-sharing–Enable information sharing by ensuring that information is visible, accessible, understandable, and interoperable throughout the enterprise and with external partners.
Efficiency–Improve mission efficiency by ensuring that information is requirements-based, non-duplicative, timely, and trusted.
Quality–Promote information quality, making certain that information provided to users is valid, consistent, and comprehensive.
Compliance–Achieve compliance with legislation and policy providing for privacy, freedom of information, and records management.
Security–Protect information assets and ensure their confidentiality, integrity, and availability.
All areas of the framework must be managed as part of effective information architecture.
There is an interesting interview in Government Executive, 18 May 2009, with Robert Kahn, one of the founders of the Internet.
In this interview Mr. Kahn introduces a vision for an Internet 2.0 (my term) based on Digital Object Architecture (DOA) where the architecture focus is not on the efficiency of moving information around on the network (or information packet transport i.e. TCP/IP), but rather on the broader notion of information management and on the architecture of the information itself.
The article states: Mr Kahn “still harbors a vision for how the Internet could be used to manage information, not just move packets of information” from place to place.
In DOA, “the key element of the architecture is the ‘digital element’ or structured information that incorporates a unique identifier and which can be parsed by any machine that knows how digital objects are structured. So I can take a digital object and store it on this machine, move it somewhere else, or preserve it for a long time.”
I liked the comparison to electronic files:
“A digital object doesn’t become a digital object any more than a file becomes a file if it doesn’t have the equivalent of a name and an ability to access it.”
Here are some of the key elements of DOA:
The overall distinguishing factor of DOA from the current Internet is that in the current Internet environment, you “have to know exactly where to look for certain information” and that’s why search engines are so critical to indexing the information out there and being able to find it. In contrast, in DOA, information is tagged when it is stored in the repository and given all the information up front about “how do you want to characterize it” and who can manage it, transport it, access it, and so on.
To me, in DOA (or Internet 2.0) the information itself provides for the intelligent use of it as opposed to in the regular Internet, the infrastructure (transport) and search features must provide for its usability.
As I am thinking about this, an analogy comes to mind. Some people with medical conditions wear special information bracelets that identify their unique medical conditions and this aids in the speed and possibly the accuracy of the medical treatment they receive—i.e. better medical management. This is like the tagging of information in DOA where the information itself wears a metaphorical bracelet identifying it and what to do with it thereby yielding faster and better information management.
Currently, we sort of retrofit data about our information into tags called metadata, but instead here we have the notion of creating the information itself with the metadata almost as part of the genetic makeup of the information itself.
Information with “handles” built in as a part of the information creation and capture process would be superior information for sharing, collaboration, and ultimately more user-centric for people.
In my humble opinion, DOA has some teeth and is certainly not “Dead On Arrival.”
Recently, I was interviewed on the subject of Security Architecture and was given permission to share the Q&A:
In general, what kinds of information security issues does an organization face?
The overarching information security issue in any organization is one of communication, collaboration and the need for transparency vs. the need to protect information from being compromised. Information security is about more than just “stopping leaks.” It is also about making sure that people don’t intercept, interject or otherwise manipulate agency information for their own ends.
A related issue has to do with protecting the agency’s critical IT infrastructure from physical or cyber attack. It’s the age-old conflict: If you lock it down completely, then you’re protecting it, but you also can’t use it. And if you open yourself up altogether, then obviously it won’t be long before somebody takes aim.
Finally, the largest threat to an organization’s information is clearly from insiders, who have the “keys to the kingdom.” And so one must pay great attention to not only the qualifications, but also the background, of the employees and contractors entrusted with access to IT systems. Additionally we must institute checks and balances so that each person is accountable and is overseen.
How do leaders demonstrate security leadership?
Leadership in the area of security is demonstrated in a variety of ways. Obviously the primary method for demonstrating the importance of this function is to formalize it and establish a chief information security officer with the resources and tools at his or her disposal to get the job done.
But security leadership also means building an awareness of risk (and countermeasures) into everything we do: education, awareness, planning, designing, developing, testing, scanning and monitoring.
When new applications or services are being planned and rolled out, does security have a seat at the table?
I can’t imagine any organization these days that doesn’t consider security in planning and rolling out new applications or services. The real question is, does the organization have a formal process in place to provide certification and accreditation for IT systems? By law, federal agencies are required to do this.
Would you say that information security is generally tightly integrated into organizational culture?
I think that a security mindset and culture predominate in professions where security is paramount, such as law enforcement, defense and intelligence, for obvious reasons.
But the larger question is, how would other organizations make the transition to a culture of greater information security? And this is actually a really important question in today’s age of transparency, social networking, Web 2.0, etc., where so much information is freely flowing in all directions. One approach that I have adopted as a culture-changing mechanism is to treat key initiatives as products to be marketed to a target audience. The IT security professional needs to be a master communicator as well as a technical expert, so that employees not only grudgingly comply with necessary measures, but are actively engaged with, and support, their implementation.
At the end of the day, the organization’s information security is only as strong as its weakest link. So security has to be as deeply ingrained into the culture and day-to-day operations as possible.
Is information security an inhibitor to new initiatives?
Information security is one of many requirements that new initiatives must meet. And of course there will always be people who see compliance as an inhibitor. But the reality is that security compliance is an enabler for initiatives to achieve their goals. So the key for IT security professionals is to keep educating and supporting their stakeholders on what they need to do to achieve success and security at the same time.
Internet Protocol version 6 (IPv6) is a network layer for packet-switched internetworks. It is designated as the successor of IPv4, the current version of the Internet Protocol, for general use on the Internet. The main change brought by IPv6 is a much larger address space that allows greater flexibility in assigning addresses. The extended address length eliminates the need to use network address translation to avoid address exhaustion, and also simplifies aspects of address assignment and renumbering when changing providers. (Wikipedia)
IPv6 is an important architecture change.
Government Executive Magazine, May 2008, reports that “IPv6 upgrades are critical as space available for Internet addresses dwindles.”
Why are we running out of IP addresses on version 4?
“IPv4 uses 32-bit addresses and can support 4.3 billion devices with individual addresses on the Internet. With the world’s population estimated to be 6.5 billion—and with many people possessing multiple electronic devices such as PCs, cell phones, and iPods—there simply will not be enough IPv4 addresses to meet the demand, let alone support the anticipated influx of new Internet users from developing countries. Also on the horizon are newfangled IP-enabled devices and appliances that will drive up the number of IP addresses per person.”
How does IPv6 solve this problem?
“IPv6 used 128-bit addresses and can support a virtually limitless number of globally addressable devices (The actual number is 2 to the 128th power).”
How is the conversion going?
The Office of Management and Budget (OMB) has mandated that “By June 30, all federal agencies must prove that they have upgraded their networks’ connections, or backbones, to be capable of carrying IPv6 data traffic.”
Note: “All leading routers can support IPv6.”
A senior vice president for Quest said that “Every North American business and government needs to make the conversion.”
What other benefits does IPv6 offer?
Other benefits include: “built in security, network management enhancements such as auto-configuration and improved support for mobile networks. But in the decade since IPv6 was created, many of the extra features have been added to IPv4. So, the real motivator…is that it offers unlimited IP address space.”
“The most savings, however, will come from the new applications and services that IPv6 will provide.”
The Department of Defense “needs IPv6 to make its vision of netcentric warfare (the ability to tie together networks and sensors to deliver a stream of integrated real-time data to the battlefield and commanders) a reality…with IPv6, ‘everything can be addressable from a soldier to a sensor to an aircraft to a tank…we could have a sensor network with hundreds of thousands of nodes.”
IPv6 is important, but what other network initiatives underway is it competing with?
On the Federal side, what needs to be architected next for IPv6?
“Federal IT managers should begin reserving IPv6 address space, developing an addressing plan, and creating a migration strategy that includes extensive product testing and evaluation. So far 37 agencies have requested IPv6 address space from the American Registry for Internet Numbers.”
Information management is the key to any enterprise architecture.
Information is the nexus between the business and technical components of the EA:
Information is required by the business to perform its functions and activities and it is served up by the systems and technologies that capture, process, transmit, store, and retrieve it for use by the business. (The information perspective is sandwiched in between the business and the services/technology perspectives.)
Recently, I synthesized a best practice for information management. This involves key values, goals for these, and underlying objectives. The values and objectives include the following:
The importance of information management to enterprise architecture was recently addressed in DM Review Magazine, May 2008. The magazine reports that in developing an architecture, you need to focus on the information requirements and managing these first and foremost!
“You need to first understand and agree on the information architecture that your business needs. Then determine the data you need, the condition of that data and what you need to do to cleanse, conform, and transform that data into business transformation.”
Only after you fully understand your information requirements, do you move on to develop technology solutions.
“Next, determine what technologies (not products) are required by the information and data architectures. Finally, almost as an afterthought, evaluate and select products.” [I don’t agree with the distinction between technologies and products, but I do agree that you first need your information requirements.]
Remember, business drives technology—and this is done through information requirements—rather than doing technology for technology’s sake.
“Let me also suggest …Do not chase the latest and greatest if your incumbent products can get the job done.”
In enterprise architecture, the customer/end-user is king and the information requirements are their edicts.
Here is an interesting list of 10 obstacles to the enterprise architecture from a colleague and friend, Andy Wasser, Associate Dean, Carnegie Mellon University School of Information Systems Management:
This is a good list for the chief enterprise architect to work with and develop strategies for addressing these. If I may, here are some thoughts on overcoming them:
1-4,7,9: Obtain senior management commitment/support, resources, and business/IT partnership by articulating a powerful vision for the EA; identifying the benefits (and mandates); preparing an EA program assessment, including lessons learned and what you need to do to make things “right”; developing an EA program plan with milestones that shows you have a clear way ahead; and providing program metrics that show how you intend to evaluate and demonstrate progress and value for the business/IT.
5,6,8: Build credibility for EA planning, governance, and organizational awareness by hiring the best and the brightest and train, train, train; getting out of the ivory tower and working hand-in-hand with business partners; building information products and governance services that are useful and usable to the organization (no shelfware!); using a three-tier metamodel (profiles, models, and inventories) to provide information in multiple levels of detail that makes it valuable and actionable for everyone from the analyst to the chief executive officer; looking for opportunities (those that value EA and want to participate) and building incrementally (“one success at a time”).
10: Harmonize information sharing and security by developing an information governance board (that includes the chief information security officer) to vet information sharing and security issues; establishing data stewards to manage day-to-day issues including metadata development, information exchange package descriptions, discovery, accessibility, and security; creating a culture that values and promotes information sharing, but also protects information from inappropriate access and modification.
One of the perspectives of the enterprise architecture is Security. It details how we secure the business and technology of the organization. It includes managerial, operational, and technical controls. From an information security view, we seek confidentiality, integrity, availability, and privacy of information.
Who are we protecting the enterprise from in terms of our information security? From hackers of course!
How do we protect ourselves from hackers? By teaching our security professionals the tricks of the trade—teach them how to hack!
The Wall Street Journal, 1 April 2008, reports that “Hacker Camps Train Network Defenders: Sessions Teach IT Pros to Use Tools of the Online Criminal Trade.”
“In such sessions, which cost about $3,800, IT pros typically spend a week playing firsthand with the latest underground computer tools. By the end of the week, participants are trained as ‘ethical hackers’ and can take a certification test backed by the International Council of Electronic Commerce Consultants.”
“Overall more than 11,000 people have received the ‘ethical hacker’ certificate since 2003; nearly 500 places world-wide offer the training.”
Why do we need to teach these hacking tools to IT security professionals?
They need to understand what they’re up against so they can more effectively plan how to protect against the adversary. Know thy enemy!
How large is the IT security issue?
“The average large U.S. business was attacked 150,000 times in 2007…the average business considered 1,700 of these attacks as sophisticated enough to possibly cause a data breach. In addition, the number of unique computer viruses and other pieces of malicious software that hackers tried to install on computers and IT networks doubled to 500,000 last year from 2006…[and it’s expected] to double again in 2008.”
It’s great that we are advancing the training of our information security champions and defenders, but what about those who take the course, but are really there to learn hacking for the sake of hacking? How many of the 11,000 ‘ethical hackers’ that have been trained are really ethical and how many are using their newfound knowledge for more nefarious ends?
From an enterprise architecture standpoint, we need to ensure that we are not giving away the keys of the kingdom to anyone, including our own IT security staff—through hacker training. Also, we need to be careful not to rely on any one individual to maintain the security order of things. We need to plan our security using a system of checks and balances, just like the Constitution lays out for the governance of the nation, so that even the chief information security officer (CISO) is accountable and has close oversight. Finally, we need to institute multiple layers of defense to do the best we can to thwart even the determined hackers out there.
We are in an information economy and now more than ever businesses need information to conduct their functions, processes, activities, and tasks.
To effectively conduct our business, the information needs to be relevant and reliable. The information should be current, accurate, complete, understandable, and available.
Information integrity is essential for enabling better decision-making, improving effectiveness, and reducing risk and uncertainty.
However, according to DMReview, 8 February 2008, “information within the [corporate] data warehouse continues to be inaccurate, incomplete, and often inconsistent with its sources. As a result, data warehouses experience low confidence and acceptance by users and consumers of downstream reports.”
“The Data Warehousing Institute estimates that companies lose more than $600 million every year due to bad information.”
What are some of the challenges to information integrity?
“Change and complexity introduce information integrity risk. Accelerating change accelerates information integrity risk. Compliance makes information integrity an imperative rather than an option.”
What are the particular challenges with data warehouses?
From an enterprise architecture perspective, information integrity is the linchpin between the business’s information requirements and the technology solutions that serve up the information to the business. If the information is no good, then what good are the technology solutions that provide the information to the business? In other words, garbage in, garbage out (GIGO)!
As enterprise architects, we need to work with the business and IT staffs to ensure that data captured is current, accurate, and complete, that it is entered into the system correctly and processed accurately, that outputs are distributed on a need-to-know basis or as required for information sharing purposes, and that it is protected from unauthorized changes.
Using business, data, and systems models to decompose the processes, the information required for those, and the systems that serve them up helps to identify possible information integrity issues and aids in designing processes that enable quality information throughput.
Additionally, security needs to be architected into the systems from the beginning of their lifecycle and not as an afterthought. Information confidentiality, integrity, availability, and privacy are essential for an information secure enterprise and for information quality for mission/business performance.
Fire Sale─“Matt Farrell (Justin Long), a character in the movie Live Free or Die Hard, used this term to describe the plot by Thomas Gabriel (Timothy Olyphant) to systematically shut down the United States computer infrastructure. The plan crashes the stock market, communications and utilities infrastructure, crippling America’s economy and causing nation-wide chaos. The term was coined because of the phrase “everything must go” meaning all of the world’s technology based off of a computer system, virtually everything.” (Wikipedia)
The New York Times, 4 June 2007, in an article titled “When Computers Attack,” describes how governments are preparing for the worst in terms of cyber attacks.
“Anyone who follows technology or military affairs has heard the predictions for more than a decade. Cyberwar is coming. Although the long-announced, long-awaited computer-based conflict has yet to occur, the forecast grows more ominous with every telling: an onslaught is brought by a warring nation, backed by its brains and computing resources; banks and other businesses in the enemy states are destroyed; governments grind to a halt; telephones disconnect.”
What systems are at risk?
All computers are at risk that connect “to the Internet through the industrial remote-control technologies known as Scada systems, for Supervisory Control and Data Acquisition. The technology allows remote monitoring and control of operations like manufacturing production lines and civil works projects like dams. So security experts envision terrorists at a keyboard remotely shutting down factory floors or opening a dam’s floodgates to devastate cities downstream.
But how bad would a cyberwar really be — especially when compared with the blood-and-guts genuine article? And is there really a chance it would happen at all? Whatever the answer, governments are readying themselves for the Big One.”
For example, “China, security experts believe, has long probed United States networks. According to a 2007 Defense Department annual report to Congress, China’s military has invested heavily in electronic countermeasures and defenses against attack, and concepts like “computer network attack, computer network defense and computer network exploitation.”
What are we doing?
The United States is arming up, as well. Robert Elder, commander of the Air Force Cyberspace Command, told reporters in Washington at a recent breakfast that his newly formed command, which defends military data, communications and control networks, is learning how to disable an opponent’s computer networks and crash its databases.
How serious is the threat of cyber attack?
“An all-out cyberconflict ‘could have huge impacts,’ said Danny McPherson, an expert with Arbor Networks. Hacking into industrial control systems, he said, could be ‘a very real threat.’”
Is our nation’s architecture prepared to secure our enterprises and this country from a fire sale-type or other cyber terrorism attacks? Here are some actions that have been taken based on a CRS Report for Congress on “Computer Attacks and Cyber Terrorism” (17 October 2003)
Additionally, “The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation’s Internet infrastructure, US-CERT (http://www.us-cert.gov/) coordinates defense against and responses to cyber attacks across the nation.”
According to the CRS Report for Congress, in July 2002, the U.S. Naval War College hosted a three-day seminar-style war game called “Digital Pearl Harbor”; 79% of participants believed that a strategic cyber attack was likely within 2 years.
While the dreaded cyber attack did not occur as feared by the war game participants, the scenario of a devastating cyber attack remains a real possibility that we must be prepared to confront and defeat.
As in the movie Live Free or Die Hard, a major cyber attack on this country could quickly bring us to our knees, if successful. We have become a nation born and bred on computers and automation. I challenge you to think of many things that you do that do not in some way involve these. We have formed a day-to-day dependency on all things computers, as individuals and as a nation.
In our enterprise architecture, we must continue to focus on comprehensive security frameworks for our organizations that address technical, managerial, and operational security areas. While the Federal Enterprise Architecture treats Security as a cross-cutting area, I believe that Security should be its own perspective (even though it crosses all domains), so that it can be given focus as an area that each and every agency and organization addresses. We must do more than create alert, warning, and reporting capabilities. We need both “computer vaccines” that can quickly cure and rid us of the encroachment of a cyber attack, as well as hunter-killer offensive capabilities that can paralyze any warring nation or terrorist organization that would dare to attack us.
I remember hearing a saying that once something is created, it is bound to eventually be used. So it was with the atomic bomb. So it will be with cyber warfare, and we must be prepared to defend this nation.