
Devops Meta - governing data



ICT at an organization by layers.

Mindmap opsec metadata: what is in it? Just having data leaves a lot of questions to answer:
📚 What information does the data describe?
⚙ What are the relationships between data elements?
🎭 Who is using the data, and for which process?
⚖ Is there an inventory of the information being used?

Being practical in some cases means "doing your math".


Contents

Reference Topic Squad
Intro ICT at an organization by layers. 01.01
Info-101 data governance 101 02.01
Viewpoints Data Perspectives. 03.01
modelling Logic in understanding of data. 04.00
securing Data - Software, Security Access SAM. 05.01
What next Change ICT - Transformations 06.00
Following steps 06.02

Progress


Naming conventions storing artifacts, objects. (I)

Life cycle, any component:
<idtapz-C>/
  1. I - Initial research
  2. D - Development
  3. T - Test validation technical
  4. A - Test acceptance usability
  5. P - Production operational
  6. Z - Out of service, archive
Two stages (I and Z) are added to the usual DTAP.

Unique business process lines
B<process_id-NNN>
To get processes unique within an organization ... numbers.
Classification system ICT artefacts
<process_proceeding-N>
All steps are applicable to any system, although some may be empty in a given case. External delivery can be of any type.

Remarks:
Proceeding 7 is used for human responsibilities (business oriented)
Proceeding 8 is used for human education (documentation)
Proceeding 8 is used for technical administrator overwrites

Classification system ICT artefacts
Artifacts (shared subfolders)
<artifact type-Cccc>/
Not all artifact types are present in every proceeding.



Proposal: naming & managing hierarchy
The levels, ordered:
  1. <idtapz-C>/
  2. B<process_id-NNN>
  3. <process_proceeding-N>/
  4. <artifact type-Cccc>/
  5. %*

As one combined string:
<idtapz-C>/B<process_id-NNN><process_proceeding-N>/<artifact type-Cccc>/%*

Remarks:
A level, and its / separator, may be left out when that distinction is enforced in another way.
Bringing artifacts together simplifies versioning and releases. The approach will be container based release, not artifact based release.
C is a placeholder for a character.
N is a placeholder for a number. The logical process identification might get different logical names over time.
%* is a freely chosen name for the artifact.
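An added example (not code from the site or its author) that parses and builds the combined artifact path proposed above. It assumes the process id and the proceeding digit are concatenated into one folder name, exactly as the combined string on the page writes them (B042 plus proceeding 7 gives B0427), and that an artifact type is one upper-case letter followed by three lower-case ones (Cccc).

```python
import re

# Life cycle stages of level 1, as listed on the page.
STAGES = {
    "I": "Initial research",
    "D": "Development",
    "T": "Test validation technical",
    "A": "Test acceptance usability",
    "P": "Production operational",
    "Z": "Out of service, archive",
}

# <idtapz-C>/B<process_id-NNN><process_proceeding-N>/<artifact type-Cccc>/%*
# Assumption: process id and proceeding digit share one folder name (B0427).
PATH_RE = re.compile(
    r"^(?P<stage>[IDTAPZ])/"          # level 1: life cycle stage, one character
    r"B(?P<process>\d{3})"            # level 2: business process line, three digits
    r"(?P<proceeding>\d)/"            # level 3: process proceeding, one digit
    r"(?P<artifact>[A-Z][a-z]{3})/"   # level 4: artifact type, Cccc
    r"(?P<name>[^/]+)$"               # level 5: freely chosen artifact name
)

def parse_artifact_path(path):
    """Return the five levels as a dict, or None when the path does not fit the convention."""
    m = PATH_RE.match(path)
    if not m:
        return None
    levels = m.groupdict()
    levels["stage_name"] = STAGES[levels["stage"]]
    return levels

def build_artifact_path(stage, process, proceeding, artifact, name):
    """Inverse of parse_artifact_path; every level is validated before joining."""
    if stage not in STAGES:
        raise ValueError(f"unknown life cycle stage {stage!r}")
    if not (0 <= process <= 999 and 0 <= proceeding <= 9):
        raise ValueError("process id needs three digits, proceeding one digit")
    path = f"{stage}/B{process:03d}{proceeding}/{artifact}/{name}"
    if parse_artifact_path(path) is None:
        raise ValueError(f"artifact type or name does not fit the convention: {path}")
    return path

if __name__ == "__main__":
    # Constructed sample: SQL artifact of process 042, proceeding 7, in production.
    p = build_artifact_path("P", 42, 7, "Sqlc", "users_rights.sql")
    print(p, parse_artifact_path(p))
```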

Proposal idea: duplication, library classifications
udcdata is one of the classification schemes.
The UDC is the world's foremost multilingual classification scheme for all fields of knowledge and a sophisticated indexing and retrieval tool. It is a highly flexible classification system for all kinds of information in any medium. Because of its logical hierarchical arrangement and analytico-synthetic nature, it is suitable for physical organization of collections as well as document browsing and searching.


Tools: installing, configuring, security meta definitions.

The legal requirement is doing logical and physical access control, with a lot of attention points. 💣 Too easy is ignoring the logical access control requirements with the statement that physical access control is sufficient. Activities are:
Installation
Administrate
Execution
Logs audit goal
Web service
Job scheduling
Business usage
Logs business
Tools software releases
Business application migrations

Tools - installation
Installations should not be done with a generic operating system master key (root).
A non-personal account (NPA) is needed for the installation. It may be shared by tools with a similar risk profile. (NPA count=1)

Tools - operational running
Operations often run through a service doing the very risky activity of starting other sessions and switching user privileges. These kinds of processes should get a dedicated NPA with the least possible privileges. It does not need any access to business information or business logic. (NPA count=2)

Tools - managing tool loggings
Audit logs should be managed automatically but be inaccessible to all others, including the one that administers the tool operationally. (NPA count=3)

Tools - connecting business applications, webservices.
This is the front end connection, with the front end security policies.
Connecting to business logic and information adds the DTAP logical segregations. Every environment has its own NPA. (NPA count +4=7)

Tools - automating business applications, scheduling.
This is the back end processing, with the back end security policies.
Connecting to business logic and information adds the DTAP logical segregations. Every environment has its own NPA. (NPA count +4=11)

External connections - API keys, extensions.
Segregation of external connections is another one to add by security policies.
Connecting to the business information destination or source adds the DTAP logical segregations. Every environment has its own NPA. (NPA count +4=15)
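An added example (not code from the site or its author) that derives the NPA inventory the counts above describe (1+1+1 shared accounts plus 4+4+4 per-environment accounts, 15 in total) and checks the segregation rules stated in the text against it. The role names and privilege labels are assumptions made for illustration only.

```python
DTAP = ("D", "T", "A", "P")

# (role, one account per DTAP environment?, privileges) as described above.
# Privileges of per-environment roles are scoped with the environment letter
# in npa_inventory(); all labels are assumed names, not from the page.
ROLES = [
    ("install",    False, {"tool_install"}),
    ("operate",    False, {"start_sessions", "switch_user"}),
    ("auditlog",   False, {"audit_log"}),
    ("webservice", True,  {"business_logic", "business_data"}),
    ("scheduler",  True,  {"business_logic", "business_data"}),
    ("external",   True,  {"business_data", "api_key"}),
]

def npa_inventory(roles=ROLES):
    """Return {account: privileges}: one account per shared role, one per role and environment."""
    accounts = {}
    for role, per_env, privs in roles:
        if per_env:
            for env in DTAP:
                accounts[f"npa_{role}_{env}"] = {f"{p}:{env}" for p in privs}
        else:
            accounts[f"npa_{role}"] = set(privs)
    return accounts

def segregation_violations(accounts):
    """Rules from the text: no generic root key, the operational NPA has no
    business access, only the audit log NPA reaches the audit logs, and no
    account holds privileges in more than one DTAP environment."""
    problems = []
    for name, privs in accounts.items():
        if "root" in privs:
            problems.append(f"{name}: uses the generic root key")
        if "operate" in name and any(p.startswith("business") for p in privs):
            problems.append(f"{name}: operational NPA reaches business data or logic")
        if "audit_log" in privs and name != "npa_auditlog":
            problems.append(f"{name}: can reach the audit logs")
        envs = {p.split(":")[1] for p in privs if ":" in p}
        if len(envs) > 1:
            problems.append(f"{name}: spans environments {sorted(envs)}")
    return problems

if __name__ == "__main__":
    inv = npa_inventory()
    print(len(inv), "NPAs;", segregation_violations(inv) or "no violations")
```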


Security compliance, notes and samples.

Connecting to other locations often goes by a "user-password" or, worse, an "application key". Storing that kind of information in an unmanaged way can cause a lot of problems.

💣 SAS uses its own storage approach (metadata) and hiding (hashing, encoding). That dedicated way of storing is not transparent. It is worse when realizing that the passwords have to be reverted to clear text for the sake of the external connection. It is like a robot putting text there. Someone could tap into that.

SQL code samples.

Code source   Description
---           Dictionary database processing (users/rights).

SAS code samples.

Code source   Description
xkeypsw       Using a manageable password vault without needing obscurity.
---           Dictionary database processing (users/rights).

Code source   Description
---           Scheduling.


Change ICT - Transformations


Identity
blog See: "laws of identity in brief".

PIM, Privileged Identities
The required link, too often missed in the fundamentals of a security policy. The growing number of NPAs is not seen as a manageable solution, while well defined security is seen as a threat.

Access Control Lists, attribute based.
A long road to go. Focussing on the machine, not seeing the pathway.


Following steps

Missing link

Some limited cases from practice are here.

When the governance is done well, the 👓 data processing is going to be well.

What is not here: 👓 metadata & security concepts.




© 2012,2019 J.A.Karman