Issues and Solutions Utilizing an Information Classification Schema - Term Paper Example

Information classification scheme Student’s Name: Institution: Date: Contents Contents 2 Executive summary 3 1.0 Introduction 4 2.0 Classification Schemes and Security Patterns 5 2.1 Security Patterns 6 2.2 Microsoft Classification Scheme 6 2.3 Enterprise Architectural Space Organizing Table 7 2.3.1 Architectural viewpoints 8 2.3.2 Interrogative 8 2.4 Classification based on system interrogatives and viewpoints 9 2.5 Security Schemes Classification Utilizing the Enterprise Architecture Space 12 3. Conclusion 16 Executive summary Conducting a research to find out appropriate outline to solve a specific problem utilizing information scheme is challenging due to lack of scientific classification scheme for security outline. An appropriate classification scheme assists in retrieval of information and efficient storage, which is an added advantage for both outline navigators and program pattern miners. In this report, I outline issues and solutions utilizing of an information classification schema I have chosen as an Information Security Manager tasked with reporting and researching on the protection of the product development information now and in the future. My proposed classification scheme utilizes security model to successfully partition the problems or issues, consequently solving the security pattern problems. Keywords: Classification scheme, security pattern, issues and solution 1.0 Introduction The proliferation and introduction of the internet expose program frameworks to tampering and intrusion from international attackers or simply the hackers. Program development needs to experience an outlook change. Numerous product frameworks that were already viewed as satisfactory have turned out to be insufficient. For instance, Sendmail, the greatest prevalent mail exchange operator (MTA), has been tormented with security weaknesses, because it was first misused by the Morris worm in 1988 (Soomro, Shah, & Ahmed, 2016). A software developer Eric Allman created Sendmail at the beginning of 1980s. The most important quality prerequisite for Sendmail was adaptability, which was a decent case of adaptable engineering since it bolstered different kinds of procedures. Prior to the use of the Internet, programming frameworks resembled isolated islands, secure from hackers or external intrusion (aside from a physical break-in). By then security was considered as far as secret word administration, get to control of undertaking data, confidential security utilizing some cryptographic model, or algorithm level security resemblance overflow. Program structure qualities such as proficiency, dependability, and accessibility were thought to be the essential quality prerequisites. Both program users and program developers require a classification scheme or a scientific classification. For the example, developers use of classification scheme implies the capacity to outline a program in an suitable scope. Along these lines, the developers would have the capacity to identify overlaps more proficiently. This will likewise make cross-referencing simpler, on the grounds that the program that offers elective solution for related issues will be adjoining in the classification scheme. With respect to clients, it is simplified to find a solution for a specific issue. In addition, elective solutions can be found and contrasted. Security engineer’s reuse demonstrated a solution for security issues by utilizing security designs. Alluding back to the Sendmail illustration, these security designs impacted most of the design decision made by the designers of Gmail (Hasheminejad, & Jalili, 2012). It is due to this reason the Board of Directors of 3D Media Comm. Ltd me tasked me as an Information Security Manager with reporting and researching on protection of the new social media marketing program development for both mobile app and desktop information now and in the future, which will be released in three months’ time. This paper reports on utilization of Microsoft classification scheme to identify the issues and solution and also develop an information security plan prior to release of the new program. 2.0 Classification Schemes and Security Patterns A vital non-functional prerequisite of a program is security. The security design documentation endeavors began in 1997. In this segment, as an Information Security Manager, I first start by describing security design of the new program development. Then thereafter, I will describe the use Microsoft classification scheme and identifying issues and possible solution associated with this scheme. “Design Patterns”, composed by the Gang of Four, have popularized the utilization of patterns in designing a software. The POSA group in their book explains architectural patterns. As the pattern has demonstrated to be valuable for designing of a software, there has been endeavors to record domain particular patterns, e.g. distributed system and concurrent and resource management. 2.1 Security Patterns Privacy has turned into an imperative worry to the development of computing power that has empowered both the analysis and storage of substantial capacities of information. Hafiz has recorded a series of protection configuration designs. Markus Schumacher pioneered a working team on a security designs. The team also propelled the e-mailing list and www.securitypatterns.org site (Smith, 2004). This book contained security designs from the area of big business security, what's more, risk administration, ID and verification, get to control, bookkeeping, firewall design, and secure web application. The patternshare site was propelled as a sole store to depict the examples. A major objectives of patternshare site is to restrict the covers and make a even terminology for experts. Patternshare site stored for security designs gives a diagram of the security designs works from different sources expelling the covers. The store had fifty-nine designs by march 2006. The vault was to be consistently refreshed with impending work from various sources. 2.2 Microsoft Classification Scheme In the year 2004, Microsoft Patten and Practice team presented a tabular classification scheme for design, essentially in view of the Zachman structure. The classification scheme summarizes the enterprise architecture space, which further demonstrates the connection among antiquities in the enterprise space (Rehman & Saba, 2014). The classification scheme according to Microsoft depends on four major bits of action. Zachman structure is the first one. The Zachman framework row of the table are built on roles and the columns are as a result of interrogatives (Whitman & Mattord,2013). The table contains seven columns, in addition, six of the seven columns are Zachman structure views. The 2nd major bit of work is the design principles specification set by IEEE 1471. According to this Microsoft classification scheme, rows are determined in a better granularity in comparison with Zachman structure by adopting the engineering standard specification set by IEEE 1471. In the table, the discrete perspectives implemented offer the Microsoft classification scheme more profundity on account of being precise. The 3rd major bit in the pattern is the enterprise architecture framework. The rows are influence according to the various stage of architecture. Lastly and the fourth major peace is of the scheme is impacted by the standard of trial driven development. In the table, they is the assessment column that is impacted by the ethics of assessment focused development. The objects contained in the table column would be included in this column. 2.3 Enterprise Architectural Space Organizing Table According to enterprise architectural space organizing table encapsulates various features of the program architecture, which is a two dimensional table. The cells in whole the table is well described by an architectural perspective or by an interrogative. The definition of the cell determines the classification of the pattern. 2.3.1 Architectural viewpoints It has five broad architecture perspectives that determine the table five rows. The five architecture are:- i. Development Architecture ii. Integration Architecture iii. Application Architecture iv. Business Architecture v. Operational Architecture In the architectural viewpoint, the Business Architecture perspective sum up the management and business viewpoint of a program development. In the Integration Engineering, perspective deals with the reconciliation between the systems within and the outer system in a business. In the Application Architecture, perspective deals with the system and programming components of an executable program. In the Operational Architecture, perspective deals with the operation of the functioning system. Lastly, the Development Architecture perspective encapsulates the efficient usage, which deals with the integration and application engineering. 2.3.2 Interrogative In spite of the fact that the perspectives give a reasonable order of the points of view, better granularity can be accomplished in light of the interrogatives according to the Zachman system. Test driven advancement and the interrogatives based from the Zachman structure are characterized by the seven sections (Ogiela, 2012). i. Data: Output and input resolution making process ii. Function: The mechanism used for architectural resolution making iii. Purpose: the goal behind an architectural decision iv. Network: Communication issues related to architecture v. Scorecard: Compliance checking with respect to requirements vi. People: These are issues concerning users of the system and the stakeholders vii. Timing: Timing issues related to timing of decision-making process and decision The essential role players in that point of view additionally divide each of the lines. For instance, the Business Architecture perspective is divided utilizing the four essential part players. These four part player comprises of process maker, process owner, General Manager, and Chief Executive Officer. For instance, taking the case of the Safe Data Structure design as a classification. The design is connected to evacuate the cluster limits inspecting weakness in a programming dialect with no waste groups (Cegielski, Allison Jones-Farmer,& Hazen, 2012). A framework written in C is defenseless against cushion overflow intrusion on account of insecure group operations, like perilous string array care of. Safe Data Structure design supports the incorporation of apportioned and long memory data with an information arrangement. Every exhibit-preparing libraries are usually re-composed because of the assigned and the length of the memory operation prior to handling the cluster. This design is considered in the improvement period of an application when the protected string handling libraries are composed or re-utilized. Subsequently, the design fits into the cell characterized by the Developer column of Application Architecture the point of view and the Function section. 2.4 Classification based on system interrogatives and viewpoints According to the security designs book from Wiley distributions presented a Zachman structure which is depended on by classification scheme for security designs. In the 1987 Zachman structure was presented as a table with the lines depicting the levels of the data show and the sections portraying the structural perspectives. The stages of the data model depend on three major structural portrayals one for every partner, i.e. the client or the proprietor, the architect and the developer. The proprietor has his own particular idea of the finished result. The draftsman makes an interpretation of these recognitions into the originator's viewpoint. The builder also includes the imperatives of the rules of nature and accessible innovation to brand a refinement of the engineer's arrangement. Going before these three perspectives is a gross portrayal of the end system that sets up a ballpark. Succeeding the three perspectives are the nitty gritty, out-of-extension portrayals of parts of the framework that are critical amid itemized improvement of the framework (Whitman, & Mattord, 2011). The 5 levels are the 5 lines in the Zachman system. The Zachman perspectives are shown in the six segments in the figure above: Data Function Location People Time Motivation Scope Designer(Contextual) Details of things significant to the business Details of procedure that business performs Details of locality in which the business runs Details of other business significant to the business Details of actions cycles vital to the business Details of business aims strategies Enterprise model Business Owner (conceptual) For example Sematic Model For example Business Process Model For example Business Logistics system For example Workflow Model For example Master Schedule For example Business Plan System Model Planner (logical) For example Logical Data Model For example Application Architecture For example Distributed System Architecture For example Human interface Architecture For example Process Structure For example Business Rule Model Technology Model implementer (physical) For example Physical Data Model For example System Design For example Technology Architecture For example Presentation Architecture For example Control Structure For example Rule Design Comprehensive Illustration Subcontractor (out-of –context) For example Data Definition For example Program For example Network Architecture For example Security Architecture For example Timing Defination For example Rule Design Functioning arrangement For example Data For example Function For example Network For example Organizattion For example Schedule For example Strategy In order categorize designs, altering the Zachman structure is done by including a column that represents the security perspective. For the security perspective every model level is addressed, starting with the enterprise degree to the point of point representation. Notwithstanding, a design means that to the point that the security column incorporates the security designs which happen with regards to the six different perspectives of the table. Alternate perspectives of the Zachman system principally manage different utilitarian traits of the framework while security is a non-useful property that ought to be orthogonal to the utilitarian perspectives of the framework. Subsequently, including security as an alternate view does not have a solution to the classification issues. Essentially this is simply classifying the security designs as indicated by the five perspectives of the Zachman system. This brings about the same classification as subdividing based on system levels. 2.5 Security Schemes Classification Utilizing the Enterprise Architecture Space Perspective Viewpoint Interrogative Pattern. count Example Pattern Business Architecture CEO Function 5 Security Needs Identification. Creating a link between security needs and enterprise assets Integration Architect Enterprise Architecture Function 2 Sign On once. Allowing users to have the rights to use different services in a network with no need of re-authentication on each request Application Architecture Architecture Data 2 Error Detection and Correction For error correction and detection redundancy should be utilized Function 27 Distinct Access Point. Each process should have a Single Entry Point. Design Network 4 Firewall. Traffic should be Filtered traffic based on the state of information. Data 4 Storage that is Encrypted. Encryption should be used to protect Application and Server data Function 12 Server Sandbox. Clients activities limited by running servers with few privileges. Developer Function 1 Safe Data Structure. length information in the Memory buffers is checked before allocation. Test 1 Hack Thyself. The system’s security is tested by attacking it. Operational Architecture System Architecture Function 1 Rather than demanding re-design of the sys-stem try gettinb quick fixes -tem every time a vulnerability is found. The security design storehouse in the patternshare site gives a thorough list of security examples from various sources. As of now it has fifty-nine designs. The patterns are arranged utilizing the The table above summarizes the up to date classification The advantage of such a characterization plan is, to the point that it plainly recognizes the setting of every pattern. Along with this pattern, design route ends up noticeably less demanding. Clients can investigate particular cells in this table such as the setting of some issues, and search for solutions. It can also be utilized in establishing patterns that are missing. For instance, in cases where some patterns are characterized in a single setting yet the client is searching for a particular pattern in an alternate setting, the possibility is that this same design exists in this setting and the patterns are connected (Vacca, 2012). Besides, posting a similar pattern in various settings with differing granularity will lead to different patterns that are in more than a single cell in a table. In such cases it will be less demanding for pattern route, yet, such patterns will be difficult to deal with. The connection with classification plot is that various security designs can not be characterized by a cell. An example is a Test section that covers every pattern that is suitable for testing with the issue of not being distinguished by a single take, so it overlaps the whole segment (Mavlanova, Benbunan-Fich, & Koufaris, 2012). According to the plan that we developed, it was placed in the cell that was characterized by the Developer column of Application Architecture, yet plainly it can be placed in whatever other lines of the test section. Moreover, the Enterprise Security Services design guides in the endeavor of choosing security administrations that will benefit it, in light of an aversion, location or reaction technique. Such a pattern is utilized at those periods when the entire business objectives are set. It is hence utilized by the General Manager in the Business Architecture group and the CEO (Bunke, Koschke, & Sohr, 2012). In any case, an essential issue may be that the utilization of such a pattern includes all segments since every one of the interrogatives is concealed when the overall business objectives are being set or when picking security administrations for them. The Defense in Depth design is the considerably the best of all charming. This design advocates the utilization of various security checks in the layers of the application. If individuals are bound by requirements such that a Pattern must be grouped into a cell no one but them can give a contention to ordering such a pattern in a cell characterized by the function section and the Architect line of Application Architecture groups. However, the extent of this kind of a pattern is more extensive. Safeguard inside and out is to a greater extent a security standard and in this way, its setting is characterized by different segments and lines and of a table. Some of the designs that arranged with non-practical quality traits (e.g. execution, security, dependability and so forth.) may in most cases cover different levels of framework design (different table lines) and furthermore numerous interrogatives (numerous segments). It can be noted that the table is more productive in characterizing functional patterns since the valuable patterns are more per interrogatives of framework design and the points of view. Better granularity is seen in the table more than in the Zachman system, in any case, patterns are regularly grouped since different qualities not specified in the table. Therefore, it is difficult to recognize an unwavering quality pattern Standby and a security design Compartmentalization because of the two dwell in a similar cell, recognized by the developer push of the Function section and the Application Architecture groups. An example of a side effect of an order plan that is not successful, is skewness, i.e. at the point when an excessive number of patterns are grouped to be in a similar parcel. The depiction of the security design arrangement table at pattern share uncovers this skewness. In such a characterization plan, the populace under the Function segment is predictable. The skewness in a characterization framework is not an indication of its unseemliness. Having an on of patterns in one cell makes it hard to peruse designs. Sorting out table uses distinctive symbols for the patterns developers. 3. Conclusion The security design classification discussed in this report integrates Enterprise Architecture Space component with a traditional table-based approach. Some of the parameters utilized in various enterprise architecture space may be different from the presentation of the developed security designs. Moreover, it is not surprising on the grounds that classification scheme should change keeping in mind the end goal to better exemplify the changed reality. A helpful augmentation of the planned classification scheme can include of meta-data indicating those connection among patterns. This patterns are to be extended into pattern dialect that would ensure that the clients explore the designs in a practical way. The design classification would be helped by pattern dialect and should as well be valuable for recording design development directed by some of the related examples. References Beckers, K., Côté, I., Faßbender, S., Heisel, M., & Hofbauer, S. (2013). A pattern-based method for establishing a cloud-specific information security management system. Requirements Engineering, 18(4), 343-395. Bunke, M., Koschke, R., & Sohr, K. (2012). Organizing security patterns related to security and pattern recognition requirements. International Journal on Advances in Security, 5(1). Cegielski, C. G., Allison Jones-Farmer, L., Wu, Y., & Hazen, B. T. (2012). Adoption of cloud computing technologies in supply chains: An organizational information processing theory approach. The international journal of logistics Management, 23(2), 184-211. Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information assurance & security. In Availability, reliability and security (ares), 2013 eighth international conference on (pp. 546-555). IEEE. Hanlon, E. J., & Sanvido, V. E. (1995). Constructability information classification scheme. Journal of construction engineering and management, 121(4), 337-345. Hafiz, M., Adamczyk, P., & Johnson, R. E. (2012, October). Growing a pattern language (for security). In Proceedings of the ACM international symposium on New ideas, new paradigms, and reflections on programming and software (pp. 139-158). ACM. Hasheminejad, S. M. H., & Jalili, S. (2012). Design patterns selection: An automatic two-phase method. Journal of Systems and Software, 85(2), 408-424. Kanday, R. (2012, September). A survey on cloud computing security. In Computing Sciences (ICCS), 2012 International Conference on (pp. 302-311). IEEE. Klusch, M. (Ed.). (2012). Intelligent information agents: agent-based information discovery and management on the Internet. Springer Science & Business Media. Kumar, D. (2006). U.S. Patent Application No. 11/423,863. Lovejoy, K., & Saxton, G. D. (2012). Information, community, and action: How nonprofit organizations use social media. Journal of Computer‐Mediated Communication, 17(3), 337-353. Mavlanova, T., Benbunan-Fich, R., & Koufaris, M. (2012). Signaling theory and information asymmetry in online commerce. Information & Management, 49(5), 240-247. Myrick, C. B., Hixon Jr, H. W., Koll, C. M., & Whittle Jr, R. L. (2007). U.S. Patent No. 7,162,427. Washington, DC: U.S. Patent and Trademark Office. Ogiela, M. R., & Ogiela, U. (2012). Linguistic protocols for secure information management and sharing. Computers & Mathematics with Applications, 63(2), 564-572. Rehman, A., & Saba, T. (2014). Evaluation of artificial intelligent techniques to secure information in enterprises. Artificial Intelligence Review, 42(4), 1029-1044. Smith, A., Neymeyer, N., Essenmacher, D., Meade, T., Lohr, R., Reddy, S., ... & Kirk, C. (2004). U.S. Patent Application No. 10/853,700. Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225. Whitman, M., & Mattord, H. (2013). Management of information security. Nelson Education. Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Cengage Learning. Vacca, J. R. (2012). Computer and information security handbook. Newnes. Read More