Architecture, Infrastructure, and Operations

Architecture, Infrastructure, and Operations Booklet Contents

• Introduction
• I Architecture, Infrastructure, and Operations
• II Architecture, Infrastructure, and Operations Governance
  • II.A Board and Senior Management Responsibilities
    • II.A.1 Strategic Planning
    • II.A.2 Enterprise Risk Management
  • II.B Other Roles and Responsibilities
    • II.B.1 IT Management Responsibilities
      • II.B.1(a) Chief Architect
      • II.B.1(b) Chief Data Officer
      • II.B.1(c) IT Operations Management
    • II.B.2 IT Operations Personnel Responsibilities
  • II.C Policies, Standards, and Procedures
  • II.D Internal Audit, Independent Reviews, and Certification Processes
  • II.E Communication
  • II.F Board and Senior Management Reporting
• III Common AIO Risk Management Topics
  • III.A Data Governance and Data Management
    • III.A.1 Data Identification and Classification
    • III.A.2 Database Management
      • III.A.2(a) Database Security
    • III.A.3 Non-Production Environments
    • III.A.4 Data Analytics
  • III.B IT Asset Management
    • III.B.1 Technology Asset Inventory
      • III.B.1(a) Hardware Inventory
      • III.B.1(b) Software Inventory
    • III.B.2 IT Asset End-of-Life
    • III.B.3 Shadow IT
  • III.C IT and Business Environment Representations
    • III.C.1 Network Diagrams
    • III.C.2 Data Flow Diagrams
    • III.C.3 Business Process Diagrams and Narratives
  • III.D Managing Change in AIO
    • III.D.1 Change Management
    • III.D.2 Transitioning From Strategic Change Management to Day-to-Day Operations
  • III.E Oversight of Third-Party Service Providers
  • III.F Resilience
  • III.G Remote Access
  • III.H Personally Owned Devices
  • III.I File Exchange
• IV Architecture
  • IV.A Architecture Plan
  • IV.B Design Objectives
  • IV.C IT Architecture Design
  • IV.D Enterprise Architecture
• V Infrastructure
  • V.A Hardware
  • V.B Network and Telecommunications
    • V.B.1 Network
    • V.B.2 Telecommunications
      • V.B.2(a) Voice Communications
      • V.B.2(b) Data Communications
  • V.C Software
    • V.C.1 Internally and Externally Developed Software
    • V.C.2 Software Types
      • V.C.2(a) Open Source Software
      • V.C.2(b) Mainframe Security Software
      • V.C.2(c) Application Programming Interfaces
    • V.C.3 Software Hosting
  • V.D Environmental Controls
    • V.D.1 Heating, Ventilation, and Air Conditioning
    • V.D.2 Smoke and Fire
    • V.D.3 Water
    • V.D.4 Power
  • V.E Physical Access Controls
• VI Operations
  • VI.A Operational Controls
    • VI.A.1 Operating Centers
    • VI.A.2 Authorization Boundary
    • VI.A.3 Identity and Access Management
    • VI.A.4 Personnel Controls
  • VI.B IT Operational Processes
    • VI.B.1 Maintenance
    • VI.B.2 Configuration Management
    • VI.B.3 Vulnerability and Patch Management
      • VI.B.3(a) Vulnerability Management
      • VI.B.3(b) Patch Management
    • VI.B.4 Backup and Replication Processes
    • VI.B.5 Scheduling
    • VI.B.6 Capacity Management
    • VI.B.7 Log Management
    • VI.B.8 Disposal of Data and Media
  • VI.C Service and Support Processes
    • VI.C.1 Service Management
    • VI.C.2 Operational Support
    • VI.C.3 IT Support
    • VI.C.4 Event, Incident, and Problem Management
  • VI.D Ongoing Monitoring and Evaluation Processes
    • VI.D.1 Monitoring and Reporting
    • VI.D.2 IT and Operations Key Performance Indicators
    • VI.D.3 Control Self-Assessments
    • VI.D.4 Continuous Improvement
• VII Evolving Technologies
  • VII.A Cloud Computing
    • VII.A.1 Essential Characteristics
    • VII.A.2 Cloud Service Models
    • VII.A.3 Cloud Deployment Models
    • VII.A.4 Shared Responsibilities
    • VII.A.5 Risk Considerations for Cloud Computing
      • VII.A.5(a) Access Control Considerations
  • VII.B Zero Trust Architecture
  • VII.C Microservices
  • VII.D Artificial Intelligence and Machine Learning
  • VII.E Internet of Things
• Appendix A: Examination Procedures
• Appendix B: Glossary
• Appendix C: Abbreviations
• Appendix D: References