1.6 Architecture: 21. Protection Strategy:
1. Security and privacy have an integrated strategic and tactical significance that dominates all other issues.   Data protection comes from tactical security methods based on strategic privacy requirements and objectives.   Business and process protection comes from security methods that elevate business data into information and knowledge.
2. Every bespoke application service is strategically the most private in the world and tactically the most secure in the world.   This is because if any vulnerability was uncovered, revenue from the bespoke application service would cease as the customer switches to another vendor.   One hundred percent perfection is the only way that revenue can be expected into the future.
3. Perfect protection is based on just three principles as:-
  (1) Encrypt every business data field value using a very large number of different encryption methods.   Encryption means that business data cannot be stolen and the threat of a data breach is eliminated.
  (2) Replicate encrypted business data to a very large number of secure data centers.   Replication means that business data cannot be lost and the threat of a data breach is eliminated.
  (3) Knowledge as business rules is used to drive an artificial intelligent assistant to replace programming.   Knowledge means that programming errors are eliminated and maintenance downtime is eliminated.

2. Replicated Encrypted Knowledge:
1. While criminals and agencies know how to attack and reverse engineer application programs using malware, nobody has discovered a way to attack replicated encrypted knowledge.   Blockchain as used by digital currencies like Bitcoin is a kind of replicated encrypted knowledge that the finest minds in the world with access to massive computing power are unable to crack.   A private blockchain of replicated encrypted knowledge is many times more secure than public bitcoins.
2. Malware, viruses, trojans and ransomware are kinds of application programs that need to run on a computer, but the artificial intelligent assistant is distributed across a large number of servers that are locked to prevent any application program from being executed.   The way that criminals use tools to attack application programs will never work because the business logic is encrypted as knowledge.   Knowledge has never been attacked by any malware and it may not be practical to design any malware to attack knowledge.
3. While criminals and agencies can steal data, they may find it is not practical to steal knowledge.   I know how to ride a bike, but no matter how hard you try, you cannot steal that knowledge and a person that does not know how to ride a bike will never be able to use my knowledge.
POLICY: Theft has been eliminated.

3. Artificial Intelligent Assistant:
1. Deployment of each bespoke application service uses that same artificial intelligent assistant that is designed to never stop and cannot be stopped.   By replicating in real-time, the same knowledge to a large number of secure data centers, any one instance of the artificial intelligent assistant can provide the bespoke application service.
2. In the event that a data center is not available for any reason, other data centers continue to provide the bespoke application service.   Once the number of integrated secure data centers exceeded ten physical locations, the possibility of any downtime was reduced towards zero.   As the number of integrated secure data centers is close to one hundred physical locations, the concept of "non-stop" and "unstoppable" has been achieved.
3. The artificial intelligent assistant has been taught how to dynamically create an instance in a new data center - expansion is only limited by financial costs to rent space and equipment in secure data centers.   Every new data center provides a continuing backup to all other data centers.
POLICY: Downtime has been eliminated.

4. URL Policy:
1. The browser address bar holds the URL that is the primary attack vector used by criminals.   A very large number of evolving URL design methods are deployed to ensure that no amount of monitoring will detect any reusable pattern.
2. Every private URL can only be used by one approved person within the next hour - no private URL can be reused and every private URL shall expire after one hour.   Every public URL is reusable and may be bookmarked, but even public web pages have a defined life cycle and may not be guaranteed to be operational in one year's time.
3. A private URL is encrypted in such a way that any manipulation will be instantly detected and the criminal blacklisted to prevent any further manipulation of the URL.   A recording of a URL sequence can never be replayed because once a URL is used, it will never be used again to show the same business data.
4. Cross-site scripting (XSS) is a common attack method where a criminal injects JavaScript into a web page to cause an approved user to disclose some business data.   Cross-site scripting threats have been eliminated by using sessions that prevent injected scripts from being processed by an approved person.
POLICY: URL manipulation has been eliminated.
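The single-use, one-hour private URL described in this policy, written out as an added example (this is not the service's own code). It assumes a token layout of nonce, expiry, user and resource protected by an HMAC-SHA256 tag, a redeemed-nonce set for replay detection, and a blacklist for any presenter whose token fails the integrity check; the key, clock value, user names and resource paths are constructed for the demonstration.

```python
"""Added example: issue and redeem private URLs that expire after one hour, can be
used once, are tied to one approved person, and detect any manipulation."""
import base64
import binascii
import hashlib
import hmac
import secrets
import time


class PrivateUrlIssuer:
    TAG_LEN = 32  # bytes of HMAC-SHA256 output appended to the payload

    def __init__(self, key: bytes, ttl_seconds: int = 3600, clock=time.time):
        self._key = key
        self._ttl = ttl_seconds
        self._clock = clock        # injectable so the run below is deterministic
        self._used = set()         # nonces already redeemed (replay detection)
        self._blacklist = set()    # presenters who handed in a manipulated token

    def _tag(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def issue(self, user_id: str, resource: str) -> str:
        """Return the opaque token that goes into the private URL."""
        nonce = secrets.token_bytes(16).hex()
        expiry = int(self._clock()) + self._ttl
        payload = f"{nonce}|{expiry}|{user_id}|{resource}".encode()
        return base64.urlsafe_b64encode(payload + self._tag(payload)).decode().rstrip("=")

    def redeem(self, token: str, presented_by: str):
        """Return ("ok", resource) or (reason, None); the checks run in this order."""
        if presented_by in self._blacklist:
            return ("blacklisted", None)
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        except (binascii.Error, ValueError):
            raw = b""
        # Any token that does not carry a valid tag has been manipulated.
        if len(raw) <= self.TAG_LEN or not hmac.compare_digest(
                raw[-self.TAG_LEN:], self._tag(raw[:-self.TAG_LEN])):
            self._blacklist.add(presented_by)
            return ("tampered", None)
        nonce, expiry, user_id, resource = raw[:-self.TAG_LEN].decode().split("|", 3)
        if user_id != presented_by:
            return ("wrong_user", None)
        if int(self._clock()) > int(expiry):
            return ("expired", None)
        if nonce in self._used:
            return ("replayed", None)
        self._used.add(nonce)
        return ("ok", resource)


def demo():
    now = [1_700_000_000]  # constructed fixed clock
    issuer = PrivateUrlIssuer(b"constructed-demo-key", clock=lambda: now[0])
    token = issuer.issue("alice", "/invoice/42")
    first = issuer.redeem(token, "alice")        # ("ok", "/invoice/42")
    replay = issuer.redeem(token, "alice")       # a recorded URL cannot be replayed
    stale = issuer.issue("alice", "/invoice/43")
    now[0] += 3601                               # more than one hour passes
    expired = issuer.redeem(stale, "alice")
    # Flip one character inside the token: the tag no longer matches.
    c = token[10]
    manipulated = token[:10] + ("A" if c != "A" else "B") + token[11:]
    tampered = issuer.redeem(manipulated, "mallory")
    blocked = issuer.redeem(issuer.issue("mallory", "/invoice/44"), "mallory")
    return first, replay, expired, tampered, blocked


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The token is opaque to the browser but not secret from it; what stops reuse is the server-side nonce set, and what stops manipulation is the keyed tag, so both must live on the server and the key must never be embedded in a page.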

5. SQL Policy:
1. The most common criminal attack method, known as SQL injection, has been eliminated.   Every SQL request is pre-compiled and bound to its parameters via a reusable sanitation method.
2. Because every business data field is encrypted, the role of SQL injection is not practical.   Because all SQL definitions are generic and just a set of obfuscated numbers, a criminal attack has no foundation.
3. Because every field value is encrypted, the result of an SQL injection attack would be meaningless and worthless to a criminal.
POLICY: The theft of data has been eliminated.
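The difference between a request built by string concatenation and a pre-compiled request bound to its parameters, as an added example that is not the service's own code. The customer table, its two rows, the field's permitted character range and the payload are constructed for the demonstration; the sanitation method is an assumed allow-list check of the kind the data dictionary would record.

```python
"""Added example: the same customer lookup written injectably and with bound parameters."""
import re
import sqlite3

# Reusable sanitation method (assumption): a value is accepted only if it matches the
# permitted character range recorded for that field in the data dictionary.
PERMITTED = {"name": re.compile(r"[A-Za-z][A-Za-z .'-]{0,79}")}


def sanitise(field: str, value: str) -> str:
    if not PERMITTED[field].fullmatch(value):
        raise ValueError(f"{field!r} value outside its permitted character range")
    return value


def build_db():
    """Constructed in-memory customer table standing in for the real record store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customer (name, email) VALUES (?, ?)",
                     [("Alice Example", "alice@example.invalid"),
                      ("Bob Example", "bob@example.invalid")])
    return conn


def lookup_concatenated(conn, name: str):
    """Injectable form: the caller's text is spliced into the statement grammar."""
    sql = "SELECT email FROM customer WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name: str):
    """Policy form: the statement is compiled with a placeholder and the value is bound
    afterwards, so the caller's text is only ever compared as a string literal."""
    rows = conn.execute("SELECT email FROM customer WHERE name = ?", (name,))
    return [row[0] for row in rows]


def lookup_sanitised_and_bound(conn, name: str):
    """Both layers: reject values outside the permitted range, then bind."""
    return lookup_bound(conn, sanitise("name", name))


def demo():
    conn = build_db()
    tainted = "x' OR '1'='1"  # constructed payload that closes the quoted literal
    try:
        lookup_sanitised_and_bound(conn, tainted)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "concatenated": lookup_concatenated(conn, tainted),  # every row is returned
        "bound": lookup_bound(conn, tainted),                # no customer has that name
        "rejected_by_sanitiser": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The bound form is the one that removes the injection; the allow-list is a second, independent layer that also keeps values the data dictionary never defined out of the database.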

6. Two Controls Policy:
1. A complex application is easy to design, but simplicity takes a lot of dedication, evolution and skill.   Vulnerabilities are reduced by simplicity and increased by complexity.
2. A bespoke application service is designed to use two and only two data entry controls as:-
  (1) Text Data Entry where a field value must be entered within a permitted range of characters or numbers.
  (2) Drop down List where a field value must be selected from a list of permitted values.
3. No other controls are used so training costs are minimised, data entry vulnerabilities are eliminated by encrypting every field value and invalid business data values cannot exist.   Every business field value is specified in a data dictionary where its permitted values, purpose and life cycle are defined.
POLICY: Data quality is maximised.

7. Two Forms Policy:
1. Every bespoke application service is just a large collection of forms that are specified by business rules.   Business rules are continually evolving, so forms evolve to keep pace with the business requirements.
2. A bespoke application service is designed to use two and only two forms as:-
  (1) List of many records as a spreadsheet or report.
  (2) Form of many fields as a document or data entry form.
3. No other forms are used so training costs are minimised and a consistent user-interface is deployed for the entire bespoke application service.   An improvement to one form can mean an improvement to all forms of the same kind to retain consistency.
POLICY: Data quality is maximised.

8. Data Fragmentation Policy:
1. Security-by-design includes pseudonymisation that means that significant field values are replaced with tokens.   Rather than store all fields in a logical record, a record is fragmented into many different parts with no indication of what parts fit together.
2. Tokens are obfuscated by algorithmic derivation that identifies a field value in a different table or file.   For example, the contact name field in a customer record is replaced with a token so if a criminal accessed the customer record, they would not be able to see the contact name.   The token is used algorithmically to look up a string of numbers hidden in a photograph where that string of numbers can be decrypted as the contact person's name.
3. A large number of different pseudonymisation methods are deployed to ensure that if one method is cracked, other methods remain secret.
POLICY: The threat of data theft has been eliminated. The liability of a data breach has been eliminated.
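Pseudonymisation by token substitution, written out as an added example (not the service's own code): significant field values are replaced by tokens in the customer record, and the token-to-value mapping is held in a separate vault that carries no customer identifier, so neither part on its own says whose contact name it holds. The field names, the keyed-hash token derivation and the sample record are constructed assumptions; the page's own lookup of the value inside a photograph is not modelled.

```python
"""Added example: fragment a customer record into a tokenised record and a separate vault."""
import hashlib
import hmac
import secrets


class PseudonymisingStore:
    # Fields whose values never sit in the customer record in clear (assumption).
    SENSITIVE = ("contact_name", "email")

    def __init__(self, vault_key: bytes):
        self._key = vault_key
        self.records = {}  # customer_id -> record holding tokens, not values
        self.vault = {}    # token -> real value; holds no customer_id, so nothing in
                           # the vault says which record a value belongs to

    def _token(self, value: str) -> str:
        # Keyed hash over a fresh random salt and the value: equal values get different
        # tokens, and a token cannot be turned back into its value without the vault.
        salt = secrets.token_bytes(8)
        return hmac.new(self._key, salt + value.encode(), hashlib.sha256).hexdigest()[:24]

    def store(self, customer_id: str, record: dict) -> dict:
        fragment = dict(record)
        for field in self.SENSITIVE:
            if field in fragment:
                token = self._token(fragment[field])
                self.vault[token] = fragment[field]
                fragment[field] = token
        self.records[customer_id] = fragment
        return fragment

    def reassemble(self, customer_id: str) -> dict:
        """Put the record back together; a field whose token has no vault entry reads None."""
        record = dict(self.records[customer_id])
        for field in self.SENSITIVE:
            if field in record:
                record[field] = self.vault.get(record[field])
        return record

    def forget(self, customer_id: str) -> None:
        """Erase a person's values by dropping only their vault entries; the customer
        record keeps its now-meaningless tokens and the rest of its fields."""
        for field in self.SENSITIVE:
            token = self.records[customer_id].get(field)
            if token is not None:
                self.vault.pop(token, None)


def demo():
    store = PseudonymisingStore(vault_key=b"constructed-demo-vault-key")
    original = {"contact_name": "John Brown",            # constructed sample record
                "email": "john@example.invalid", "tier": "gold"}
    stored = store.store("C-1001", original)
    rebuilt = store.reassemble("C-1001")
    store.forget("C-1001")
    erased = store.reassemble("C-1001")
    return stored, rebuilt, erased


if __name__ == "__main__":
    for part in demo():
        print(part)
```

Keeping the vault in a different store from the records is what makes a breach of either one alone worthless; the same split is what lets a person's values be erased without touching the record structure.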

9. Date Storage Policy:
1. A large number of field values represent a date such as date of birth.   Security-by-design encrypts all date field values in a way that cannot be reverse engineered by agents with massive processing power.
2. A date may be represented by the count of the number of multi-second units since a historical event to the date of birth.   The multi-second units may be a count of 987 second units.   The historic event may be the date that John Brown was married.
3. The stored count of units is just a number with no self-evident way to deduce the historic event or the multi-second units that have been counted.   The third letter of a person's name is in a range of 1 to 26 that may imply a historic event.   The 4th and 5th digits of the person's identity may be used algorithmically to derive the multi-second units to be used.
POLICY: The threat of data theft has been eliminated. The liability of a data breach has been eliminated.

10. Text Storage Policy:
1. A large number of field values are text as a string of letters and optional numbers.   In many cases, the field value is padded out to a fixed length to prevent the field value being guessed by length.
2. The "five bucket" encryption method is typical in that it cannot be reverse engineered by powerful computers.   Each character is converted to a two digit number and each digit is dropped in the next available bucket in sequence.   An effect is that each character is represented by the contents of two buckets.   The digits in some buckets are reversed, in others they are moved end-around and in others they are algorithmically scrambled.   The contents of the buckets are then extracted in a sequence determined by the value of a different field in the same record.   The string of numbers is scrambled and converted to a string of letters with padding inserted by a formula.
3. Encryption methods like five buckets are used in multiple layers so the decrypted result of one method is just a string that is entered into the next encryption method.   How many layers are used is not known to a criminal and so a robotic decryption tool is not likely to work.
POLICY: The threat of data theft has been eliminated. The liability of a data breach has been eliminated.

11. Data Sovereignty Policy:
1. Data sovereignty is determined by the legal territory that stores the business data.   A court may order that specific data must be decrypted or encryption keys must be disclosed.
2. However, sovereignty is totally dependent on the physical location of the business data.   It can be very hard to say where encrypted data is physically located because it is plausible to say that encrypted data does not exist in any physical location.   How can business data pertaining to John Brown be the subject of a court order when all business data is unreadable and it is plausible to say that it does not exist?
3. Replicated encrypted knowledge is never in one place and always in many places, to the extent that any one place may be destroyed and the bespoke application service continues.   Continuing to provide the same bespoke application service after a data center has been deleted is evidence that the business data may not have been stored at that data center.   Distributed data centers are located in many different legal territories, so no single court has the ability to demand data from every data center.
POLICY: The act of asking "where is the business data" is meaningless because it is plausible to say nowhere - raw business data is never stored.

12. Data Ownership Policy:
1. Copyright law dictates that the person who authors the data owns the data.   Where a company pays a person to author the data, then the company owns the data.
2. Personally Identifiable Information (PII) may be loaned by a person to a company, but people always retain the right to withdraw their consent for the company to use PII.   People have the right to know how their PII will be used, when it will be deleted and if it will be shared with others.   People have the right to be given a copy of all their PII, to have defective PII corrected and to have all PII deleted.
3. A Subject Access Request (SAR) is a formal request by a person to be given a copy of all their data.   A simple way to minimise costs and gain consent is to give each person access rights to view their own data as a private online request.   This enables corrections to be made and provides evidence that the company is using its best endeavours to keep the PII accurate and up to date.
4. Every customer contact and supplier contact has the right to access their own data, to correct their own data and to request that their data is deleted (right to be forgotten).   How and when consent is granted by a person to use their data is mandated information and that consent may change at any time.   Subscription management of consent change history must be recorded as evidence.
POLICY: People own their own data however that data is encrypted when stored and encrypted when communicated.   It is always plausible to say that information about a specific person does not exist because that person could never prove otherwise.

Conclusion:
1. Replicated Encrypted Knowledge is the single most significant factor to provide privacy and security.   This foundation is supported with a raft of data policies that add tactical methods that mutually support one another.
2. The vast majority of application service providers are locked into obsolete programming methods using legacy in-house equipment that is not fit-for-purpose.   A company that has invested many millions into building up a massive software portfolio has not yet figured out that the software that is said to be a business asset is in fact a liability with massive maintenance costs.   How can the IT Director tell the Board that the millions spent on the "new" application system are already obsolete and will cost even more to maintain until it is finally replaced?   How can an IT team made up of programmers and ex-programmers forget everything they know and learn about artificial intelligence and knowledge engineering with declarative business rules?   The fact is that most companies have people with job titles that prevent them from doing things outside those narrow job titles, such as learning about knowledge.
3. Continual evolution of knowledge engineering for the past forty years is an unusual pedigree that will be hard for any competitor to emulate.
POLICY: As an Application Service Provider, the priority mission is data protection - protection happens with replicated encrypted knowledge that cannot be stolen and cannot be lost.

Document Control:
1. Document Title: Protection Strategy.
2. Reference: 161621.
3. Keywords: ITIL Data Business and Process Protection Strategy.
4. Description: ITIL Protection Strategy.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 13 Feb 2017.
7. Edition: 2.2.