Administrative Security and Management Rules
Student Name
Course Name/Number
Affiliated Institution
ADMINISTRATIVE SECURITY AND MANAGEMENT RULES 2
Abstract
and strategies. Coincidentally, emerging developments generate new flaws and introduce
though solutions have been introduced to alleviate the threats posed by data breaches, the
services are provided at a cost. According to IBM's X-Force Threat Intelligent Report of
2016, the cumulative average infringement expense amounted to about $3.79 million, a spike
confidentiality, integrity and availability of information and information systems. This paper is
focused on exploring information security and its intersection with machine learning as it
1. INTRODUCTION
management rules become a necessity. For instance, over a national defence system
credibility of monetary fund transfers and transaction strong integrity controls are
fundamental. Virtualization, digitization, and the development of new innovative tech such
as bring your own device (BYOD), big data, internet of things, cloud computing, among other
The purpose of this article is to explore the intersection between information security and
rules. Machine learning technologies have been seen to be applicable in solving problems
through speech, text and image recognition. Organizations can now collect large sets of
internal and external security data and apply machine learning techniques to help them
Research Objectives
security controls.
controls
efficient.
2. RESEARCH ANALYSIS
Data security is the defense against violations of the confidentiality, integrity and
and computer systems, security is accomplished. Most information systems are very critical
network elements for data collection, storage, retrieval, and distribution, and content,
expertise, and digital product delivery. Data protection is targeted at maintaining confidentiality,
integrity, and availability, while authentication, authorization, and non-repudiation are the rules
relating to the individuals that access the information and computer systems. These concepts
a) Confidentiality
unauthorized personnel. If material is read or copied by someone who is not allowed to do so,
the effect is called confidentiality loss. Ensuring that information is secure from unauthorized
personnel is very important to vital sectors. Some of the information that requires top-notch
protection include medical and insurance records, specifications for new products to be
released into the market, research data and investment plans for corporations. In some cases,
corporations are legally obligated to protect credit card information, personally identifiable
information (PII) and health records to ensure that the privacy of their clients is protected.
b) Integrity
particularly relevant for sensitive security and financial data used for operations such as
c) Availability
Availability means that the data can be accessed by legally authorized users whenever the
need arises. In case information is inaccessible, the phenomenon is known as denial of service.
Manual (2006) identifies risk management as the identification of threats and vulnerabilities
that might impede the achievement of organizational goals. Risk management strategies are
Identification of critical information assets and systems such as data and databases,
Identification and assessment of threats associated with the information assets and
systems such as accidents, acts of war, malicious acts and acts of nature that might be
Assessment of vulnerability and determine the probability that the vulnerability will
be exploited.
proportional response.
incident that can cause loss of confidentiality, integrity and availability. Machine learning
Physical controls – these control and track the working climate and the computing
infrastructure. They also track and control connections from and to those facilities. For
example: heating and air conditioning, doors, windows, fire and smoke detectors,
which the company is going to meet its day to day operational requirements. Examples
Logical controls – Logical controls are also known as technical controls. They
typically use data and software to control and monitor access to privileged
information and information systems. use software and data to monitor and control
of logical controls. Other examples are, network firewalls, systems to detect intrusions
3. MACHINE LEARNING
computational learning theory and pattern recognition. The concept explores the evolution
and construction of algorithms that can learn from and forecast outcomes. The technology
enables computers to find patterns, organize information and learn tasks through the
speed.
Some of the key characteristics of machine learning are iterative aspects of the
technology that enable it to independently adapt models that are exposed to new data. They
can also learn to produce repeatable, reliable results and decisions from prior computations.
While many early AI programs relied on human programming and rules, machine
learning is a technique that helps computers to educate themselves and to create their own
rules.
The growing varieties and volumes of data available coupled with cheaper and more
potent computational processing and storage enables the automation of models to analyze
complex and big data in less time, accurately and on a large scale. This leads to better
outcome predictions and consequently better responses in terms of decisions made without
Based on the nature of the learning, machine learning is divided into three main
categories:
Supervised learning: This is the most important learning task for the machine as it
involves the development of a model. The algorithm first discovers the rules of the
original classification category by evaluating the training data collection. Such rules
are then applied to the validation or evaluation data collection and the results are used
to refine the parameters of the rules. Finally, the tailored rules are applied to the test
data collection, and the tests determine both the "confidence" level and the "support" level
for each rule. In other words, the machine is provided with example inputs and
their expected outputs, and the objective is to establish a general rule mapping
learning, which uses an algorithm to classify the objects within its domain from data
already identified with the algorithms of the language used in machine learning.
Unsupervised learning: The learning algorithm is given no labels, so it is left to find
structure in the data on its own. Unsupervised learning may be a means to achieve a result or
needs to achieve a certain task without a direct instruction from a teacher informing it
that it has come close to its target. Another example is the ability to play a game with
an opponent
robotics.
Machine Learning technologies can process security data in two modes as described
below:
Stream Processing – this mode of security data processing was designed to interpret
data flow and to operate on it in real time. Stream processing systems manage high
volume in real time with an architecture which is flexible, readily accessible and
ideal mode to process data streams required for fraud detection and system and
Machine learning and big data are two inseparable concepts. Machine learning
technologies depend largely on big data for intelligence information. Big Data refers to
identified that the current data in the world has been created over the past few years. This is
attested by the noted increase in data production. The data is often machine generated,
unstructured or human data. Examples of unstructured human generated data include word
notes, telephone text messages, Facebook and LinkedIn updates, or business or individual
web sites. Specifically, machine learning will leverage internal and external security data
generated or collected like network packets, security logs, application logs, and external
It is imperative for organizations to migrate towards security models that are intelligence-
driven. The RSA Security Brief of January 2013 contended that such a model would rely
on information from external and internal sources to deliver a comprehensive security and
Machine learning will play a big role in information security sector as corporations deal
with information security risks that result from four predisposing conditions:
other networking trends create new vulnerabilities that could have devastating
outcomes.
to ensure that their customers, suppliers and partners can easily access their data so as
to push for innovativeness and cooperation, they heighten their vulnerability to data
theft and misuse. Corporate apps and data are now rapidly accessible from cloud
providers and mobile devices, thereby undermining the limits of the corporate
signatures.
Monitoring and analyzing network packets, system events, and logs – Traditionally,
forensics and intrusion detection have been a major problem; however, conventional
techniques fail to provide all the framework necessary to enable long-term, large-scale
Response practices, incident detection and risk management practices are getting
supplemented by the availability and growth of both internal and external security
analytics activities.
Depending on the organization, data requirements may vary. At a minimum, the
following distinct types of data and data sources should be harnessed. The list will grow as
User activity
Firewall logs
Application logs
Asset data
DNS-specific logs/events
security information from external sources. In the forensics world, it is referred to as proof on
a device showing that network security has been compromised. Investigators typically collect
this data after being told of a suspected event, on a regular basis, or after irregular network
call-outs are detected. The data is collected to create "smarter" software capable of
compromise are virus signatures, Internet Protocol address blacklist, MD5 message-digest
algorithm hashes, malware files, and Uniform Resource Locator (URL) or domain names of
The initial step in applying a machine learning solution to information security
problems is to establish big data architectures to collect, store, and manage security-related
information. Algorithms would be applied to the security data in the learning modes to enable
computers to model that data. These models are then applied to a set of security data
through batch or stream processing to detect anomalies. For instance, computers can be
modeled to understand the dynamics of all the virus signatures, MD5 hashes, malware files,
IP and DNS blacklists, and detect patterns related to them. Karim, Salleh, and Khan (2016)
describe the use of SMARTbot machine learning technology to prevent
large-scale attacks caused by bot-infested mobile devices used to initiate and conduct a
integrity, and confidentiality of information and the systems that provide such information
Machine learning technologies would generally help organizations detect unknown and
predict future threats. Specifically, the technology would play the following role in
Data Identification and Classification – this is one of the most common tasks done by
machine learning algorithms. Machine learning methods particularly can help look at a
complicated set of data and identify the processes that generate such data. The machine
learning method generates a model that can be used to determine the correct classification of
potential objects based on the identified dataset. Cylance helped the US Office of Personnel
analyze massive amounts of data (Forrest, 2016). In addition, machine learning also serves
other uses, including information technology security to detect sensitive resources and
unwanted information technology assets within an enterprise by analyzing use trends, and
connections with other users and servers, the normally open software or their daily operating
hours.
Fraud Prevention – Whether financial manipulation, procurement fraud or the illegal use
behavioral data and other disparate metrics to differentiate between malicious and legitimate
business practices. Session intelligence and behavioral and click-stream analysis have been
expected to converge to combat the misuse of business logic in which criminals find a
weakness in the operation of an IT-based program and manipulate it for illegal benefit.
information from sources such as traffic on the website, security devices, business processes,
firewall and other daily transactions. This sum of data and the frequency analysis of incidents
Enterprise Events Analytics – Machine learning will address the problem of increasing
security relevant data generated from event logging. Machine learning algorithms can be
data sets. For instance, HP Research Lab collected terabytes of Domain Name
Internet Service Provider (ISP). The objective was to identify botnets, malicious domains and
other malicious activities in a network using the rich source of DNS information. After
training the machines to understand the features that are indicative of maliciousness, various
malicious practices were identified from the internet service provider data set.
Advanced Persistent Threat (APT) Detection – Machine learning will prevent and/or
attack on an object or physical device that is of high importance. An APT uses leaked
account passwords or zero-day vulnerabilities to avoid triggering warnings. This type of attack
may occur over a longer period of time, while the victim remains unaware of the intrusion.
For instance, the 2010 Verizon data breach audit report concluded that evidence of data breach
was reported in company logs in 86 percent of cases, but security alarms were not raised by
the detection mechanisms (Verizon, 2010). The vast volume of data to be sifted through in
pursuit of abnormalities is a problem when identifying APTs. Because of the data volume,
traditional perimeter defense network systems can become ineffective in detecting targeted
attacks and cannot be scaled to the increasing size of organizational networks. As a result, the
techniques of machine learning can be used to profile host behavior or user activities within a
protection priorities to help businesses cope more efficiently and proactively with threats.
Therefore, companies should recognize shifts in their risk profile and respond as soon as
possible.
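The two-stage pipeline the paper describes, as an added illustration that is not code from the paper or from any product it names: stage one matches events against known indicators (the IP/domain blacklists and MD5 hashes listed in the section on applying machine learning), and stage two builds a per-host DNS query-rate baseline so that a host that matches no indicator but suddenly changes behaviour is still flagged (the host-behaviour profiling the DNS botnet and APT passages call for). All event data and indicator values below are constructed placeholders; the window size, the 3-sigma threshold and the absolute floor are assumptions, not values from the paper.

```python
from collections import defaultdict
from statistics import mean, pstdev

IOC = {                                            # constructed indicator set
    "ip": {"203.0.113.7"},                         # RFC 5737 documentation range
    "domain": {"bad.example"},                     # reserved example TLD
    "md5": {"d41d8cd98f00b204e9800998ecf8427e"},   # MD5 of the empty string
}

def make_events():
    """Constructed event log: two hosts with steady DNS traffic, one of which
    bursts lookups later (beacon-like), plus three events that hit an IoC."""
    ev = []
    for w in range(6):                             # six 60-second windows
        for host, n in (("ws1", 2), ("ws2", 3)):
            for i in range(n):
                ev.append({"kind": "dns", "host": host, "ts": w * 60 + i,
                           "query": f"svc{i}.intranet.example"})
    for i in range(40):                            # ws1 bursts in window 6
        ev.append({"kind": "dns", "host": "ws1", "ts": 360 + i,
                   "query": f"x{i}.cdn.example"})
    ev.append({"kind": "firewall", "host": "ws2", "ts": 10, "dst_ip": "203.0.113.7"})
    ev.append({"kind": "dns", "host": "ws2", "ts": 12, "query": "bad.example"})
    ev.append({"kind": "file", "host": "ws3", "ts": 20,
               "md5": "d41d8cd98f00b204e9800998ecf8427e"})
    return ev

def match_iocs(event):
    """Stage 1: exact match against known indicators (signature-style detection)."""
    field, kind = {"firewall": ("dst_ip", "ip"), "dns": ("query", "domain"),
                   "file": ("md5", "md5")}.get(event["kind"], (None, None))
    if field and event.get(field) in IOC.get(kind, ()):
        return [(kind, event[field])]
    return []

def dns_rate_anomalies(events, window=60, k=3.0, floor=5):
    """Stage 2: batch-mode behavioural baseline. Count DNS queries per host per
    window; once a host has >= 3 windows of history, flag a window whose count
    exceeds mean + k*stdev of that history and an absolute floor (the floor
    stops a zero-variance baseline from flagging every single extra lookup)."""
    per_host = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["kind"] == "dns":
            per_host[e["host"]][e["ts"] // window] += 1
    flagged = []
    for host, wins in per_host.items():
        history = []
        for w in sorted(wins):
            if len(history) >= 3 and wins[w] > max(mean(history) + k * pstdev(history), floor):
                flagged.append((host, w, wins[w]))
            history.append(wins[w])
    return flagged

def triage(events):
    """Cheap, high-confidence IoC hits first; the baseline covers what they miss."""
    hits = [(e["host"], h) for e in events for h in match_iocs(e)]
    return {"ioc_hits": hits, "anomalies": dns_rate_anomalies(events)}
```

On the constructed log, `triage(make_events())` returns the three indicator hits on ws2 and ws3 and a single anomaly for ws1 in window 6, whose forty lookups match no indicator at all. The same per-window logic runs unchanged in stream mode if each window's count is fed in as it closes instead of from a stored batch.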
6. CONCLUSION
Machine learning technologies can help organizations better secure the confidentiality,
integrity and availability of their information and computer systems by gathering, storing and reviewing
internal and external security data to identify unknown and anticipate potential threats.
machine learning technologies to be more proactive and detective in dealing with security
threats. This also implies that organizations should build an effective information security
architecture, implement a scalable big security data solution, build analytic skills and leverage
threat intelligence.
References
http://www.cisco.com/c/dam/assets/offers/img/600/midyear-security-report-2016-preview-600x781.jpg
Cloud Security Alliance (2013, September). Big Data Analytics for Security Intelligence.
Retrieved from
https://downloads.cloudsecurityalliance.org/initiatives/bdwg/Big_Data_Analytics_for_Security_Intelligence.pdf
Curry, S., Kirda, E., Schwartz, E., Steward, W. H. & Yoran, A. (2013, January). Big Data
https://www.emc.com/collateral/industry-overview/big-data-fuelsintelligence-driven-security-io.pdf
Henry, R. & Venkatraman, S. (2015). Big Data Analytics: The Next Big Learning
vid=2&sid=bbfd f06a-a049-41f0
8347820ab6901474%40sessionmgr106&hid=117&bdata=JnNpdGU9ZWRzLWxpd
mUmc2NvcGU9c2l0ZQ%3d%3d#db=bth&AN=111483026
IBM (2016, March). IBM X-Force Threat Intelligent Report. IBM Security. Retrieved from
http://www.foerderland.de/fileadmin/pdf/IBM_XForce_Report_2016.pdf
https://www.techopedia.com/definition/10282/information-security-is
https://en.wikipedia.org/wiki/Information_security
InfoQ (2016, November). Real-Time Stream Processing as Game Changer in a Big Data
https://www.infoq.com/articles/stream-processing-hadoop/
ISACA (2015). CISA Review Manual (26th ed.). Meadows, IL: ISACA
Karim, A., Salleh, R., & Khan, M. K. (2016). SMARTbot: A Behavioural Analysis
vid=2&sid=07b1 a206-6f61-43fb-b808713d6424276c
%40sessionmgr4006&hid=4105&bdata=JnNpdGU9ZWRzLWxp
dmUmc2NvcGU9c2l0ZQ%3d%3d#AN=113767961&db=a9h
https://en.wikipedia.org/wiki/Machine_learning
"Machine Learning: What it is and why it matters". (2016, November). Retrieved from
http://www.sas.com/it_it/insights/analytics/machine-learning.html
Samuel, A. (1959). Some Studies in Machine Learning Using the Game of Checkers. IBM
Tipton, H. (2009). Official (ISC)2 Guide to the CISSP CBK (2nd ed.). Raton, FL: CRC Press,
TechRepublic (2016, September). How Machine Learning and AI will Save the Entire
ai-will-save-the-entire-security-industry/?
ftag=TREa988f1c&bhid=24211067649038250745162196717495