📚    BPM    SDLC    BIAanl    Data    Meta    Math    📚 👐 🎭 index - references    elucidation    metier 🎭
👐    Intro     model flow     model_re1-1n     4-artfct     complete-run     What next     👐    top bottom   👐

Design Meta, governing data security


Modeling the security attributes of data artifacts and objects

Securization Meta.

Mindmap opsec ALC type3  SDLC meta security chapter - back Metadata, what is in it? Just having data, there are a lot of questions to answer:
📚 Information data is describing?
⚙ Relationships data elements?
🎭 Who is using data for what proces?
⚖ Inventory information being used ?


🔰 Most logical back reference.

Contents

Reference Topic Squad
Intro Securization Meta. 01.01
model flow Who has access, logical model. 02.01
model_re1-1n Who has access, model relationships. 03.01
4-artfct The four basic artifact types. 04.01
complete-run Completion to a running operational environment. 05.01
What next Step by step, Travelling the unexplored. 06.00
Following steps 06.02

Combined links
Combined pages as single topic.
👓 deep dive , Data Proces layers
👓 describe data ,Data Administration
👓 Data Modelling
🚧 ALC type3 Security Access
🕶 ALC type3 Low code Analytics, Business (SDLC)


Progress


Who has access, logical model.

A logical model will show all involved parties, that are:
  1. Human resource support. delegated resposibility by line management. (data controller)
  2. Business applications and their usage by business departments.
  3. ICT being the service provider for data processing.
In a picture: secure_relate01.jpg
Reference partial:"Role Discovery and RBAC Design A Case study with IBM RaPM."

Replacing the symbols to more technical symbols, There are two important elements: Keys and Groups. The picture:
secure_relate02.jpg

Who has access, model relationships.


Logical Relationships occurences.
Some challenging attention points for an implementation in roles.
💣 Business applications can be used by multiple business departments.
Who is responsible accountable for a business application shoud be made clear.
💣 Tools can be used by multiple business applications a 1-1* relationship.
Who is responsible accountable for a tool shoud be made clear.
💣 The usage of a key /account should be traceble to a person. Shared usage of accounts to be avoided. A person can have multiple keys / accounts. Using high privileged rights segregations by different accounts is mandatory.

These challenges are caused by assumptions, being more simplistic, not realistic.

Logical Relationships between the four major elements.
The relationships (I Business, see picture): secure_relate03.jpg
The relationships (II Technical, see picture):

Attribute based rights keys/accounts.
Others aside keys groups could be: date / time, machine hardawre identification, geo location, used network connections, skill level, autorization level.

The four basic artifact types.

The ALC type3 (Application Life Cycle) is having four articaft types, both when developping and running (production). The picture from the design-bpm chapter:
bp_lifedev03.jpg
secure_realize01.jpg
Securing the well known types Data and Code will reuslt in: Having tenfolds of businessapplications, the number of npa´ss and groups increases easily above hundreds.

The results -documents- have their own requirements and implementations.

The kind of number of security defintions to manage is seen as problematic.
There is no problem in automatization with standardization.
Proposing everybody shoudl have their own infrastrcuture is moving the manageability challenge to managing all those segregated infastructure components.
In the real life logistic world, using containers moving and transporting goes the best using optimized shared cargo carriers.

An understandable structure is required. The logical security being easily understood and higly segregated is mandatory by compliancy.

Completion to a running operational environment.

The business applications ar coming into live by administrators doing the last configurations and manipulations using a schedule planning. The service portal (desk) for the Business as delivery point. The picture changes into:
secure_realize02.jpg

Hidden for the business are the tools and other infrastructural components. They are at the other side of the service portal(desk). Of course these are necessary. For anay tools only validated tested ones (infrastrcuture) are used, even when only used at test (business logic). The change in the picture for that is: secure_realize03.jpg
 horse sense

Step by step, Travelling the unexplored.


related topics.
Starting to implement technical solutions for a security goal, doesn´t bring much when the preparation on what to achieve is not done. Considerations to do first:
Considerations wiht adjustments to as-is situations:
Unexplored joureney Enterprise
Transforming processes.
Change is a the only constant factor of a journey. Never knowing for sure what is next. Changing fast is exploring where no one has gone before.
The people around ICT are a different kind of species than the ones running the business. Understanding the business during fast transitions is another world.



Combined pages as single topic.
Combined links
👓 deep dive , Data Proces layers
👓 describe data ,Data Administration
👓 Data Modelling
ALC type3 Security Access
🕶 ALC type3 Low code Analytics, Business (SDLC)


🔰 Most logical back reference.



⚒    Intro     descrpt_data     model_data     access_usrkey     descrpt_documnt     What next     ⚒ 👐    top bottom   👐
📚    BPM    SDLC    BIAanl    Data    Meta    Math    📚 👐 🎭 index - references    elucidation    metier 🎭

© 2012,2019 J.A.Karman