Administrative Security and Management Rules


Running Head: ADMINISTRATIVE SECURITY AND MANAGEMENT RULES 1

Administrative Security and Management Rules

Student Name

Course Name/Number

Affiliated Institution

Abstract

Information technology systems, technology vendors, and cloud-based and internet-linked applications are advancing rapidly because the information technology environment depends on them to achieve organizational objectives and strategies. At the same time, emerging developments generate new flaws and open operating spaces that have significant ramifications when exposed to risky scenarios. Even though solutions have been introduced to alleviate the threats posed by data breaches, these services come at a cost. According to IBM's X-Force Threat Intelligence Report of 2016, the cumulative average breach expense amounted to about $3.79 million, alongside a spike in the firm's stolen records in 2015, losses of confidential data, damaged branding and reduced organizational credibility. Data security is the defence against violations of the confidentiality, integrity and availability of information and information systems. This paper explores information security and its intersection with machine learning as it relates to administrative security and management rules.



1. INTRODUCTION

Across every organization, information security is considered an intricate issue that needs to be addressed according to various requirements, including credibility, accountability, confidentiality and integrity. The emphasis placed on each requirement is characterized and categorized differently depending on the application. Therefore, as technological and telecommunication advancements intensify and communication networks develop, management rules become a necessity. For instance, in a national defence system the confidentiality of classified information is the major concern, whereas in ensuring the credibility of monetary fund transfers and transactions, strong integrity controls are fundamental. Virtualization, digitization, and the development of new innovative technologies such as bring your own device (BYOD), big data, the internet of things and cloud computing, among other connectivity advancements, assist organizations in achieving efficiency across different sectors.

The purpose of this article is to explore the intersection between information security and machine learning in order to understand the implications for administrative security and management rules. Machine learning technologies have been shown to be applicable to solving problems in speech, text and image recognition. Organizations can now collect large sets of internal and external security data and apply machine learning techniques to help them address risk and respond to security incidents more rapidly.

Research Objectives

- Discuss information security concepts, including risk management and technical security controls.
- Examine the background of machine learning and information security.
- Identify the weaknesses of conventional security approaches, focusing on logical security controls.
- Discuss and address weaknesses in making risk management efficient with machine learning.
- Identify trends in machine learning security approaches.

2. RESEARCH ANALYSIS

2.1. Information Security Concepts

Data security is the defense against violations of the confidentiality, integrity and availability of information and information systems ("Information Security," n.d.); these three properties are also known as the security objectives. Conceptually, security is accomplished by prohibiting the unauthorized entry, use, dissemination, disturbance, alteration, inspection, monitoring or degradation of information and computer systems. Most information systems are very critical to facilitating, planning, controlling, coordinating and decision making in an organization (Tipton, 2009). Depending on its sensitivity or criticality, organizational information can include proprietary information, business data records, sensitive personnel information, network information, password-protected files, and medical and insurance records.

Additionally, data infrastructure is an interconnected range of hardware, software and network elements for data collection, storage, retrieval and distribution, and for the delivery of content, expertise and digital products. Data protection is targeted at maintaining confidentiality, integrity and availability, while authentication, authorization and non-repudiation are the rules relating to the individuals that access the information and computer systems. These concepts are discussed as follows:

a) Confidentiality

The concept of confidentiality connotes the protection of information from unauthorized personnel. If material is read or copied by someone who is not allowed to do so, the effect is called a loss of confidentiality. Keeping information secure from unauthorized personnel is very important in vital sectors. Information that requires top-notch protection includes medical and insurance records, specifications for new products to be released onto the market, research data and corporate investment plans. In some cases, corporations are legally obligated to protect credit card information, personally identifiable information (PII) and health records to ensure that the privacy of their clients is protected.

b) Integrity

Information integrity is critical for administrative security because the concept calls for the protection of information from distortion during storage, processing and transmission. Integrity identifies the need to ensure that data is both accurate and trustworthy. Moreover, the data is protected from unauthorized personnel regardless of their intent. When data is changed in unpredictable ways, the effect is called a loss of integrity. Integrity is particularly relevant for sensitive security and financial data used for operations such as financial accounting, air traffic control and electronic money transactions.

[Figure: the CIA triad, with Confidentiality, Integrity and Availability at its three corners.]

c) Availability

Availability means that the data can be accessed by legally authorized users whenever the need arises. When information is inaccessible, the phenomenon is known as denial of service.

2.2. Risk Management

Risk management is a vital concept related to information security. The CISA Review Manual (2006) identifies risk management as the identification of threats and vulnerabilities that might impede the achievement of organizational goals. Risk management strategies are mainly based on the value the organization accords to its information resources.

In broad terms, the risk management process consists of:

- Identification of critical information assets and systems such as data and databases, data processing, applications, networks, etc.
- Identification and assessment of threats associated with the information assets and systems, such as accidents, acts of war, malicious acts and acts of nature, which may be induced by external and/or internal factors.
- Assessment of vulnerabilities and determination of the probability that each vulnerability will be exploited.
- Identification and implementation of appropriate security controls to provide a proportional response.

2.3. Security Controls

Security controls are measures aimed at safeguarding against or managing information system-based risks. Controls can be implemented to detect, prevent and/or correct an incident that can cause loss of confidentiality, integrity or availability. Machine learning technologies are implemented as preventive and/or detective security control mechanisms.



The following are the categories of controls:

- Physical controls: these control and track the working climate and the computing infrastructure; they also track and control connections to and from those facilities. Examples: heating and air conditioning, doors, windows, fire and smoke detectors, cameras, barricades, fences, etc.
- Administrative controls: administrative processes provide the basis for the administration and operation of companies. They offer information on the ways in which the company is going to meet its day-to-day operational requirements. Examples of administrative controls include password policy, training, incident response processes, security policy and security awareness.
- Logical controls: logical controls are also known as technical controls. They use software and data to monitor and control access to privileged information and information systems. Machine learning is a typical example of a logical control. Other examples are network firewalls, intrusion detection systems, host-based firewalls, data encryption and access controls.

3. MACHINE LEARNING

Machine learning is a term in informatics for techniques that help machines learn without being explicitly reprogrammed. Machine learning originated from work in artificial intelligence on computational learning theory and pattern recognition. The concept explores the evolution and construction of algorithms that can learn from data and forecast outcomes. The technology enables computers to find patterns, organize information and learn tasks through the repeated application of multifaceted mathematical calculations to big data at incredible speed.

Among the key characteristics of machine learning are the iterative aspects of the technology that enable it to independently adapt models as they are exposed to new data. Machine learning systems can also learn to produce repeatable, reliable results and decisions from prior computations. While many early AI programs were rule-based and reliant on human programming, machine learning is a technique that helps computers educate themselves and create their own rules.

The growing variety and volume of available data, coupled with cheaper and more powerful computational processing and storage, enables automated models to analyze complex and big data accurately, in less time and on a large scale. This leads to better outcome predictions and consequently better responses in terms of decisions made without the need for human interaction.

3.1. Learning Modes

Based on the nature of the learning, machine learning is divided into three main categories, with developmental learning as a further mode:

- Supervised learning: this is the most important learning task for the machine as it involves the development of a model. The algorithm first discovers the rules of the original classification categories by evaluating the training data set. Those rules are then applied to the validation or evaluation data set and the results are used to refine the parameters of the rules. Finally, the tailored rules are applied to the test data set, and the tests determine both the "confidence" level and the "support" level for each rule. In other words, the machine is provided with example inputs and their expected outputs, and the objective is to establish a general rule mapping inputs to outputs. Classification is a typical "supervised" machine learning task, in which an algorithm classifies the objects within its domain using data that has already been labelled.
- Unsupervised learning: the learning algorithm is not given labels, so it is left to find structure in the data on its own. Unsupervised learning may be a means to achieve a result or the result in itself.
- Reinforcement learning: a computer program deals with a dynamic environment in which it needs to achieve a certain task without direct instruction from a teacher telling it whether it has come close to its target. Another example is the ability to play a game against an opponent.
- Developmental learning: a machine produces its own sequences of learning scenarios (also called a curriculum) to develop repertoires of new skills, either autonomously or through contact with humans, by using instruction strategies such as maturation, motor synergies, active learning or simulation. This is prominent in robotics.

3.2. Processing Modes

Machine learning technologies can process security data in two modes, as described below:

- Batch processing: a method of processing that executes machine learning techniques on a batch of inputs (a set of inputs) instead of a single input. In most cases the inputs are data at rest.
- Stream processing: this mode of security data processing was designed to interpret a data flow and operate on it in real time. Stream processing systems manage high volumes in real time with an architecture that is flexible, readily accessible and fault tolerant. It allows data to be analyzed in motion. Stream processing is the ideal mode for processing the data streams required for fraud detection, system and network monitoring, and risk management.

Source: Cloud Security Alliance

3.3. Big Data

Machine learning and big data are two inseparable concepts. Machine learning technologies depend largely on big data for intelligence information. Big data refers to large-scale technologies for information analysis and management that surpass the capabilities of conventional methods of data processing. The Cloud Security Alliance (2013) identified that the data existing in the world today was largely created over the past few years, which attests to the noted increase in data production. The data is often machine-generated, unstructured or human-generated. Examples of unstructured, human-generated data include word-processor notes, telephone text messages, Facebook and LinkedIn updates, and business or personal websites. Specifically, machine learning will leverage internal and external security data that is generated or collected, such as network packets, security logs and application logs, and external security data or indicators of compromise (IOC) such as virus signatures, IP addresses, malware files, and domain names of botnet command and control servers.

4. INFORMATION SECURITY AND MACHINE LEARNING

It is imperative for organizations to migrate towards security models that are intelligence-driven. The RSA Security Brief of January 2013 contended that such a model would rely on information from external and internal sources to deliver a comprehensive overview of security and risk vulnerability.

4.1. Predisposing Conditions

Machine learning will play a big role in the information security sector as corporations deal with information security risks that result from four predisposing conditions:

- Emerging technologies: mobility, the Internet of Things (IoT), cloud computing and other networking trends create new vulnerabilities that could have devastating outcomes.
- Dissolving network boundaries: as organizations expand their data networks so that customers, suppliers and partners can easily access their data, in a bid to promote innovation and cooperation, they heighten their vulnerability to data theft and misuse. Corporate apps and data are now readily accessible from cloud providers and mobile devices, thereby eroding the limits of the corporate network and adding new dimensions of communication danger and challenge.
- More sophisticated adversaries: cyber criminals have grown increasingly sophisticated in carrying out highly selective, dynamic attacks that bypass conventional protections, static risk identification measures and signature-focused software.
- Monitoring and analyzing network packets, system events and logs: traditionally, forensics and intrusion detection have been a major problem, and conventional techniques fail to provide all the framework necessary to enable long-term, large-scale investigations and analytics.

Incident detection, response practices and risk management practices are being supplemented by the availability and growth of both internal and external security intelligence. In fact, ESG (2012) identifies that nearly two-thirds of enterprises use external threat intelligence as part of their information security analytics activities.

4.2. Sources of Security Data

Data requirements vary from organization to organization. At a minimum, the following distinct types of data and data sources should be harnessed; the list will grow as organizations respond to new threats and vulnerabilities:

a) Internal Sources of Security Data:

- User activity
- Firewall logs
- Physical security logs
- Operating system logs
- Application logs
- Firewall rule set
- Asset data
- Log/event data from network devices
- Web access management systems
- DNS-specific logs/events

b) External Sources of Security Data:

The indicator of compromise (IOC) is the concept that best describes a collection of security information from external sources. In the forensics world, it refers to evidence on a device showing that network security has been compromised. Investigators typically collect this data after being told of a suspected event, on a regular basis, or after irregular network call-outs are detected. The data is collected to create "smarter" software capable of identifying and quarantining malicious files in the future. Examples of indicators of compromise are virus signatures, Internet Protocol (IP) address blacklists, MD5 message-digest algorithm hashes, malware files, and Uniform Resource Locators (URLs) or domain names of botnet command and control servers.

4.3. Machine Learning Application

The initial step in applying a machine learning solution to information security problems is to establish big data architectures to collect, store and manage security-related information. Algorithms are then applied to the security data in one of the learning modes to enable computers to model those data. These models are thereafter applied to a set of security data through batch or stream processing to detect anomalies. For instance, computers can be modeled to understand the dynamics of all the virus signatures, MD5 hashes, malware files, and IP and DNS blacklists, and to detect patterns related to them. Karim, Salleh and Khan (2016) describe the use of the SMARTbot machine learning framework to counter large-scale attacks in which bot-infected mobile devices are used to initiate and conduct a mobile botnet attack.

When machine learning technology is applied, it provides logical protection of the availability, integrity and confidentiality of information and of the systems that provide such information.

[Figure: Machine learning process. Input: known security data → machine learning algorithm → model; Output: the model detects unknown security threats.]

5. ROLE OF MACHINE LEARNING IN INFORMATION SECURITY

Machine learning technologies would generally help organizations detect unknown threats and predict future ones. Specifically, the technology would play the following roles in addressing some major information security challenges:

Data identification and classification: this is one of the most common tasks performed by machine learning algorithms. Machine learning methods can look at a complicated set of data and identify the processes that generate such data. The machine learning method generates a model that can be used to determine the correct classification of new objects based on the identified dataset. Cylance helped the US Office of Personnel Management (OPM) to identify 2000 pieces of malware by using machine learning to analyze massive amounts of data (Forrest, 2016). Machine learning also serves other uses in information technology security, including detecting sensitive resources and unwanted IT assets within an enterprise by analyzing usage trends, and behavior-based verification such as device authentication, which is based on a device's connections with other users and servers, the software it normally has open, or its daily operating hours.

Fraud prevention: whether for financial manipulation, procurement fraud or the illegal use of company services, machine learning technology may be used to evaluate vast volumes of behavioral data and other disparate metrics to differentiate between malicious and legitimate business practices. Session intelligence and behavioral and click-stream analysis are expected to converge to combat the misuse of business logic, in which criminals find a weakness in the operation of an IT-based program and manipulate it for illegal benefit.

Network security: machine learning enables organizations to harvest significant security information from sources such as website traffic, security devices, business processes, firewalls and other daily transactions. This volume of data, and the frequency analysis of incidents, is too difficult for conventional SIEMs to manage on their own.

Enterprise event analytics: machine learning will address the problem of the increasing volume of security-relevant data generated from event logging. Machine learning algorithms can be implemented to enable prompt identification of actionable security data from large corporate data sets. For instance, HP Labs collected terabytes of Domain Name System (DNS) events, involving billions of DNS responses, at an Internet Service Provider (ISP). The objective was to identify botnets, malicious domains and other malicious activities in a network using the rich source of DNS information. After training the machines to understand the features that are indicative of maliciousness, various malicious practices were identified from the ISP data set.
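The following Python example is added here and is not part of the original paper or of the HP Labs work it cites; it walks through the process the paper describes (known, labelled security data → learning algorithm → model → detection of unknown threats) on a constructed DNS log, in stream mode. The training domains, the log line format "<time> <client-ip> <qtype> <name>" and the chosen features are all assumptions made for the example; the classifier is a minimal logistic regression in plain Python so that it runs offline.

```python
import math
from collections import Counter

# Constructed labelled training set (the "known security data" of the paper's process figure):
# 0 = benign domain, 1 = domain shaped like botnet/DGA names. Every name here is invented.
KNOWN_DOMAINS = [
    ("google.com", 0), ("wikipedia.org", 0), ("microsoft.com", 0),
    ("github.com", 0), ("cloudsecurityalliance.org", 0), ("ibm.com", 0),
    ("techrepublic.com", 0), ("linkedin.com", 0), ("facebook.com", 0),
    ("xk7q2pz9fj3.com", 1), ("q8v1zr4kl0mw.net", 1), ("zz9f3k1q8p2x.org", 1),
    ("j4r9w2kq7x1n5.info", 1), ("p0q3x8zk2v7b.biz", 1), ("kx92jq7z3wf.com", 1),
    ("v7t1zq9x4pk8.net", 1), ("m3q8zk1x7wj9r.org", 1), ("t6y2kq0zx8wv.com", 1),
]
# Constructed DNS query lines standing in for the ISP-scale DNS events the paper describes.
SAMPLE_DNS_LOG = [
    "2016-11-02T10:15:01 10.0.0.12 A stackoverflow.com",
    "2016-11-02T10:15:02 10.0.0.12 A r7k2z9qx4wp1.com",
    "2016-11-02T10:15:03 10.0.0.44 A nytimes.com",
    "2016-11-02T10:15:04 10.0.0.44 A b4n8zq1x7kv2m.net",
]
VOWELS = set("aeiou")

def second_level_label(domain):
    """Label left of the TLD (simplified: multi-part suffixes such as co.uk are not handled)."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def shannon_entropy(text):
    """Bits of entropy per character; machine-generated names tend to score higher."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def features(domain):
    """Numeric features that tend to separate human-chosen from machine-generated names."""
    s = second_level_label(domain)
    n = max(len(s), 1)
    return [len(s), shannon_entropy(s),
            sum(ch.isdigit() for ch in s) / n, sum(ch in VOWELS for ch in s) / n]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

class DomainClassifier:
    """Logistic regression fitted by batch gradient descent (pure Python, no ML libraries)."""

    def __init__(self, epochs=400, lr=0.5):
        self.epochs, self.lr = epochs, lr
        self.mean = self.std = self.weights = None
        self.bias = 0.0

    def _standardize(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]

    def fit(self, labelled):
        """Learn weights from labelled domains; features are standardized with training statistics."""
        rows, ys = [features(d) for d, _ in labelled], [y for _, y in labelled]
        k, n = len(rows[0]), len(rows)
        self.mean = [sum(r[i] for r in rows) / n for i in range(k)]
        self.std = [math.sqrt(sum((r[i] - self.mean[i]) ** 2 for r in rows) / n) or 1.0
                    for i in range(k)]
        xs, self.weights = [self._standardize(r) for r in rows], [0.0] * k
        for _ in range(self.epochs):
            grad_w, grad_b = [0.0] * k, 0.0
            for x, y in zip(xs, ys):
                err = sigmoid(sum(w * v for w, v in zip(self.weights, x)) + self.bias) - y
                grad_b += err
                grad_w = [g + err * v for g, v in zip(grad_w, x)]
            self.weights = [w - self.lr * g / n for w, g in zip(self.weights, grad_w)]
            self.bias -= self.lr * grad_b / n
        return self

    def probability(self, domain):
        """Model output: estimated probability that the queried name is malicious."""
        x = self._standardize(features(domain))
        return sigmoid(sum(w * v for w, v in zip(self.weights, x)) + self.bias)

def flag_dns_stream(model, log_lines, threshold=0.5):
    """Stream mode: score each DNS log line as it arrives; return (client, name, score) for hits."""
    flagged = []
    for line in log_lines:
        _, client, _, name = line.split()  # constructed format: "<time> <client-ip> <qtype> <name>"
        p = model.probability(name)
        if p >= threshold:
            flagged.append((client, name, round(p, 3)))
    return flagged
```

Calling `flag_dns_stream(DomainClassifier().fit(KNOWN_DOMAINS), SAMPLE_DNS_LOG)` returns only the two machine-looking names, each with the client that queried it, which is the "unknown threat" output of the paper's process figure.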

Advanced persistent threat (APT) detection: machine learning will prevent and/or detect advanced persistent threats (APTs). An advanced persistent threat is a deliberate attack on a target or physical device of high importance. An APT uses leaked account passwords or zero-day vulnerabilities to avoid triggering warnings. This type of attack may occur over a longer period of time while the victim remains unaware of the intrusion. For instance, the 2010 Verizon data breach report concluded that evidence of the data breach was present in company logs in 86 percent of cases, but security alarms were not raised by the detection mechanisms (Verizon, 2010). The vast volume of data to be sifted through in pursuit of abnormalities is a problem when identifying APTs. Because of the data volume, traditional perimeter defense systems can become ineffective in detecting targeted attacks and cannot be scaled to the increasing size of organizational networks. As a result, machine learning techniques can be used to profile host behavior or user activities within a network and to prevent or detect deviations.
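As an added example (not code from the paper or from any vendor it cites) of the host-behaviour profiling just described, the following Python code builds a per-host baseline from constructed daily activity summaries and flags the deviations that a long-running, low-noise intrusion would eventually produce in the logs. The summary line format and all values are invented for this example, and the MAD-based threshold of 3.5 is an assumption.

```python
import statistics
from collections import defaultdict

# Constructed daily per-host activity summaries, as a log pipeline or SIEM might emit them.
# bytes_out = outbound bytes, dst = distinct external destinations contacted,
# night_logons = interactive logons between 00:00 and 05:00. All values are invented.
SAMPLE_ACTIVITY_LOG = [
    "2016-10-01 host=ws-17 bytes_out=118000000 dst=14 night_logons=0",
    "2016-10-01 host=srv-db1 bytes_out=810000000 dst=3 night_logons=1",
    "2016-10-02 host=ws-17 bytes_out=102000000 dst=11 night_logons=0",
    "2016-10-02 host=srv-db1 bytes_out=795000000 dst=3 night_logons=0",
    "2016-10-03 host=ws-17 bytes_out=131000000 dst=16 night_logons=0",
    "2016-10-03 host=srv-db1 bytes_out=830000000 dst=4 night_logons=1",
    "2016-10-04 host=ws-17 bytes_out=95000000 dst=12 night_logons=0",
    "2016-10-04 host=srv-db1 bytes_out=805000000 dst=3 night_logons=1",
    "2016-10-05 host=ws-17 bytes_out=124000000 dst=15 night_logons=0",
    "2016-10-05 host=srv-db1 bytes_out=788000000 dst=3 night_logons=0",
    "2016-10-06 host=ws-17 bytes_out=110000000 dst=13 night_logons=0",
    "2016-10-06 host=srv-db1 bytes_out=815000000 dst=3 night_logons=1",
    "2016-10-07 host=ws-17 bytes_out=128000000 dst=14 night_logons=0",
    "2016-10-07 host=srv-db1 bytes_out=802000000 dst=3 night_logons=1",
    # Day 8: ws-17 suddenly pushes 2.4 GB to 41 destinations after two night-time logons.
    "2016-10-08 host=ws-17 bytes_out=2400000000 dst=41 night_logons=2",
    "2016-10-08 host=srv-db1 bytes_out=790000000 dst=3 night_logons=1",
]


def parse_line(line):
    """Split a constructed summary line into (day, host, {metric: value})."""
    day, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    host = kv.pop("host")
    return day, host, {k: float(v) for k, v in kv.items()}


def robust_z(history, value):
    """Deviation of value from the baseline in MAD units. The median and MAD are used instead
    of mean and standard deviation so that one earlier outlier does not inflate the scale."""
    median = statistics.median(history)
    mad = statistics.median(abs(h - median) for h in history)
    if mad == 0:  # baseline barely varied: fall back to the mean absolute deviation
        mad = sum(abs(h - median) for h in history) / len(history)
    if mad == 0:  # baseline never varied at all: any change is a large deviation
        return 0.0 if value == median else float("inf")
    return (value - median) / (1.4826 * mad)


class HostProfiler:
    """Rolling per-host, per-metric baseline that flags upward deviations."""

    def __init__(self, min_history=5, window=30, threshold=3.5):
        self.min_history, self.window, self.threshold = min_history, window, threshold
        self.history = defaultdict(lambda: defaultdict(list))  # host -> metric -> values

    def observe(self, line):
        """Score one summary line against the host's baseline and return any alerts."""
        day, host, metrics = parse_line(line)
        alerts = []
        for metric, value in metrics.items():
            past = self.history[host][metric]
            if len(past) >= self.min_history:
                z = robust_z(past, value)
                if z > self.threshold:  # only increases are treated as suspicious here
                    alerts.append((day, host, metric, round(z, 1)))
        if not alerts:  # keep anomalous days out of the baseline so they cannot normalise themselves
            for metric, value in metrics.items():
                self.history[host][metric] = (self.history[host][metric] + [value])[-self.window:]
        return alerts


def run_detection(lines):
    """Replay summary lines in order and collect every alert raised."""
    profiler = HostProfiler()
    return [alert for line in lines for alert in profiler.observe(line)]
```

`run_detection(SAMPLE_ACTIVITY_LOG)` raises three alerts, all for ws-17 on the eighth day, while the database server's ordinary fluctuations stay below the threshold.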

Risk management improvement: machine learning should be matched with other protection priorities to help businesses cope more efficiently and proactively with threats. Companies should therefore recognize shifts in their risk profile and respond as soon as possible.

6. CONCLUSION

Machine learning technologies can help organizations better secure the confidentiality, integrity and availability of their knowledge and computer systems by gathering, storing and reviewing internal and external security data to identify unknown threats and anticipate potential ones. Organizations should consider migrating to intelligence-based protection by investing in machine learning technologies in order to be more proactive, and more effective at detection, in dealing with security threats. This also implies that organizations should build an effective information security program by developing a comprehensive security strategy, adopting a common security architecture, implementing a scalable big security data solution, building analytic skills and leveraging threat intelligence.

References

CISCO. (2016). Midyear security report. Retrieved from http://www.cisco.com/c/dam/assets/offers/img/600/midyear-security-report-2016-preview-600x781.jpg

Cloud Security Alliance. (2013, September). Big Data Analytics for Security Intelligence. Retrieved from https://downloads.cloudsecurityalliance.org/initiatives/bdwg/Big_Data_Analytics_for_Security_Intelligence.pdf

Curry, S., Kirda, E., Schwartz, E., Steward, W. H., & Yoran, A. (2013, January). Big Data Fuels Intelligence-Driven Security. RSA Security Brief. Retrieved from https://www.emc.com/collateral/industry-overview/big-data-fuelsintelligence-driven-security-io.pdf

Henry, R., & Venkatraman, S. (2015). Big Data Analytics: The Next Big Learning Opportunity. Academy of Information & Management Sciences Journal, 18(2), 17-29. Retrieved from http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?vid=2&sid=bbfd f06a-a049-41f08347820ab6901474%40sessionmgr106&hid=117&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#db=bth&AN=111483026

IBM. (2016, March). IBM X-Force Threat Intelligence Report. IBM Security. Retrieved from http://www.foerderland.de/fileadmin/pdf/IBM_XForce_Report_2016.pdf

Information Security. (2016, October). In Techopedia. Retrieved from https://www.techopedia.com/definition/10282/information-security-is

Information Security. (n.d.). Retrieved October 28, 2016, from https://en.wikipedia.org/wiki/Information_security

InfoQ. (2016, November). Real-Time Stream Processing as Game Changer in a Big Data World with Hadoop and Data Warehouse. Retrieved from https://www.infoq.com/articles/stream-processing-hadoop/

ISACA. (2015). CISA Review Manual (26th ed.). Rolling Meadows, IL: ISACA.

Karim, A., Salleh, R., & Khan, M. K. (2016). SMARTbot: A Behavioural Analysis Framework Augmented with Machine Learning to Identify Mobile Botnet Applications. Retrieved from http://eds.a.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?vid=2&sid=07b1 a206-6f61-43fb-b808713d6424276c%40sessionmgr4006&hid=4105&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=113767961&db=a9h

Machine Learning. (2016, November). Retrieved from https://en.wikipedia.org/wiki/Machine_learning

Machine Learning: What it is and why it matters. (2016, November). Retrieved from http://www.sas.com/it_it/insights/analytics/machine-learning.html

Samuel, A. (1959). Some Studies in Machine Learning Using the Game of Checkers. IBM Journal, 3(3), 210–229. http://dx.doi.org/10.1147/rd.33.0210

Tipton, H. (2009). Official (ISC)2 Guide to the CISSP CBK (2nd ed.). Boca Raton, FL: CRC Press, Taylor & Francis Group.

TechRepublic. (2016, September). How Machine Learning and AI will Save the Entire Industry. Retrieved from http://www.techrepublic.com/article/how-machine-learning-and-ai-will-save-the-entire-security-industry/?ftag=TREa988f1c&bhid=24211067649038250745162196717495
