Applying Business Process Reengineering to the Marine Corps Information Assurance Certification and Accreditation Process

摘要

This thesis focuses on applying Business Process Reengineering (BPR) to the Marine Corps Information Assurance (IA) Certification and Accreditation (C&A) process as it pertains to Technology Services Organization-Kansas City (TSO-KC). More specifically, the area of research concentrates on analyzing TSO- KC developed Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) packages for Manpower, Personnel, and Pay systems as they currently operate, and the feasibility of applying BPR to the IA security posture required by these systems. The goal of this thesis is to effect a radical change in the IA C&A system process, resulting in a significant increase in quality or efficiency, a considerable reduction in process duration, and an appreciable diminution of cost. This thesis discusses the current 'As-Is' state of the IA C&A process model for TSO-KC IT systems and applications, and discusses methods of improving this proces. Potential desired 'To-Be' state models are explored using the Knowledge Value Added (KVA) methodology, and the most efficient model is developed and validated by applying it to the current IA C&A process flow at the TSO-KC. Finally, this thesis recommends aspects of BPR initiatives to apply to the IA C&A process at the TSO-KC to realize positive change. Areas of follow on study to augment the research in this thesis are also briefly discussed.