2007 Issue 2 - Raytheon
2007 Issue 2 - Raytheon
2007 Issue 2 - Raytheon
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Feature<br />
Information Assurance:<br />
A Holistic<br />
Approach<br />
Post-9/11, it became apparent that creating<br />
a physical “ring of steel” around chosen<br />
environments where security was the cornerstone<br />
for safety and security was counterproductive.<br />
It did not restore confidence in<br />
our economy, our industries or our citizens.<br />
A realization grew quickly that what was<br />
needed was the ability to authenticate a<br />
person claims, while still maintaining confidentiality.<br />
These claims include 1) a person’s<br />
identity, 2) their permission to be at a certain<br />
place at a certain time,<br />
and 3) their authorization to<br />
perform certain activities.<br />
This is not necessarily physically<br />
bound — it is both<br />
real and virtual.<br />
Information Assurance (IA)<br />
is the “process” by which<br />
we protect and defend our<br />
information and information<br />
systems in order to<br />
ensure confidentially,<br />
integrity, availability and<br />
accountability. IA also<br />
extends to restoration,<br />
with protect, detect,<br />
monitoring and reacting<br />
capabilities. Even if<br />
you don’t understand<br />
what this means, it is<br />
still changing your<br />
world.<br />
Just as we experience in real life,<br />
accountability closes the loop on any holistic<br />
approach to IA. The access control environment<br />
must allow an audit loop to be<br />
established with someone responsible for<br />
the activity in the loop. Hence, the holistic<br />
principle of IA becomes confidentiality,<br />
integrity, availability, accountability and<br />
restoration. This means that IA becomes a<br />
people-directed activity, with clear links of<br />
responsibility to the individual through<br />
association by identification.<br />
As the real world becomes more and more<br />
digitized, so does the need for irrefutable<br />
authentication of people involved with<br />
permission to be in that digital environment.<br />
Authentication — or the ability to prove in<br />
20 <strong>2007</strong> ISSUE 2 RAYTHEON TECHNOLOGY TODAY<br />
a non-repudiation approach that you are<br />
who you say you are — then became integrated<br />
with all other daily processes. At<br />
that point, IA reflected the issues that safeguard<br />
daily life. This is an important point<br />
because it means that IA is, in fact, the way<br />
we view digital life, and not a “bolt” in the<br />
way information security, engineering security,<br />
or operations security has been in the<br />
past. In fact, IA is an integrated approach<br />
to security, incorporating policy, technology<br />
and security (personal, physical and environmental)<br />
components, and must be<br />
“baked” into the “process.”<br />
Accordingly, real-life issues such as privacy<br />
are justifiable ones for IA. Indeed, it will<br />
become the principal issue to overcome:<br />
the ability to prove your identity and that<br />
you are entitled to the list of permissions<br />
associated to you and the information you<br />
access or distribute. This suggests that the IA<br />
world is one of permissions (not rules or law).<br />
As society embraces the net-centric world,<br />
it is becoming overwhelmed with information.<br />
We experience the knowledge age<br />
(the application of information) as a society<br />
hungry for information (some productive<br />
and other destructive), so much so that<br />
entire programs have been built around<br />
achieving greater efficiency to access and<br />
process knowledge.<br />
I believe what 9/11 taught us is that people<br />
matter. People must be identified in a nonrepudiatable<br />
manner to allow society to<br />
continue to operate in a safe and secure<br />
way. Therefore, IA is not just about technology,<br />
information or even infrastructures; it is<br />
about protecting our most valued asset —<br />
our homeland, citizens and way of life.<br />
<strong>Raytheon</strong> is and has always been a customer-focused<br />
organization. While everyone<br />
else rushed to the IA “gold mine,”<br />
<strong>Raytheon</strong> has been more vigilant, waiting<br />
for others to catch up and really understand<br />
what the issues are — truly adding<br />
value to our clients’ mission-critical requirements.<br />
So whether it is our clients’ highly<br />
classified operating environment, a commercial<br />
business, protecting our employees<br />
at home and work, or our own business<br />
operations, we practice what we preach.<br />
We take pride in our holistic information<br />
assurance program, and we enjoy a privilege<br />
that we do not take for granted: being considered<br />
your partners in transformation. •<br />
Stephen R. Haynes<br />
stephen_r_haynes@raytheon.com<br />
PROFILE: STEVE HAYNES<br />
Steve Haynes<br />
is an entrepreneurial,broadbased<br />
thought<br />
leader specializing<br />
in<br />
Information<br />
Assurance, an<br />
integrated<br />
approach to<br />
security. Haynes<br />
has extensive<br />
hands-on<br />
experience in<br />
the strategic and tactical implementation of<br />
e-commerce, e-government and e-business related<br />
products and services. “With security, it’s no<br />
longer about assessing or even managing the<br />
risk,” said Haynes, “it’s about governing the risk.”<br />
His 15 years of exemplary service in the security<br />
field, coupled with 20 years in the credit card<br />
industry, has earned him the respect of his<br />
industry. “I take pride and pleasure in serving<br />
my clients and focusing on their enterprisewide<br />
mission critical needs.”<br />
Noted for his visionary leadership and proactive<br />
problem-solving approach, Haynes’s holistic<br />
focus is on the process of protecting and defending<br />
information and information systems. “My<br />
goal is to make clients successful by providing<br />
what we have learned and help them become<br />
thought leaders in the Information Assurance<br />
industry. This will enable them to meet their<br />
mission-critical goals and objectives. That’s what<br />
will keep them coming back again and again.”<br />
An Information Assurance instructor at the<br />
National Defense University, Haynes is periodically<br />
asked to assist the U.S. government by<br />
engaging in strategic joint agency tasks/initiatives.<br />
He is also on retainer to the Executive<br />
Office of the President and has been an advisor<br />
to three presidential administrations and<br />
numerous senior levels of management on a<br />
regular basis. He is called upon to define overall<br />
corporate strategic positioning and tactical<br />
implementation to enhance corporate level<br />
value and provide business advantage. A leader<br />
by example, Haynes empowers resources to act<br />
with speed, simplicity and self-confidence.<br />
“My great grandfather used to say, ‘It’s not<br />
enough to do things right, it’s as important to<br />
do the right thing.’ And at <strong>Raytheon</strong>, we strive<br />
to serve our clients with holistic solutions that<br />
work — the first time, every time.”