Yellow Emperor's Internal Canon on Information Security, Part 1 of 2

“To fight a disease after it has occurred is like trying to dig a well when one is thirsty or forging a weapon once a war has begun.”

Upload: chuan-lin

Posted on 28-Jan-2018


Topics

Introduction

Human (Part 1 of 2)

Heaven (Part 1 of 2)

Earth (Part 2 of 2)

TCM – Traditional Chinese Medicine / Trusted Computing Management (Part 2 of 2)

Conclusion

Introduction: A snapshot of the Yellow Emperor and his Internal Canon

Who

Yellow Emperor – the first of the Chinese Three Sovereigns and Five Emperors. He is renowned as the originator of the centralized state, a cosmic ruler, and a patron of the esoteric arts. Traditionally, he reigned around 2697–2597 BC.

Qibo – the mythical doctor with enlightened knowledge of traditional Chinese medicine. When the Yellow Emperor first sought him out to help rule the country, Qibo was not interested. But when the Yellow Emperor asked how to live a long and healthy life, Qibo became interested.

The Yellow Emperor’s Internal Canon is a series of conversations between the Yellow Emperor and Qibo on how to have a long and healthy life.

What

The Yellow Emperor’s Internal Canon (YEIC) is considered the fundamental source of Traditional Chinese Medicine (TCM).

YEIC is based on the Daoist view of:

nature’s five elements (earth, metal, water, wood, fire)

yin and yang (reactive and proactive forces)

qi (breath)

the effect of both heaven and earth on a person’s health

It focuses more on preventing illness than on reacting to it.

When & Where

Though the Yellow Emperor is traditionally held to have reigned from 2697–2597 BC, the earliest YEIC text is believed to date from around 200 BC, according to Joseph Needham and Lu Gwei-Djen.

Location: China

Why

YEIC is part of a series of Chinese Wisdom as a Service (CWaaS). It is capable of dispensing wisdom to meet the reader’s needs, provided that reader has the necessary awareness.

This presentation is an obsequious attempt to apply YEIC to Information Security.

Part 1 focuses on the Human and Heaven portions of YEIC and how they apply to information security.

Part 2 focuses on the Earth and TCM portions of YEIC and how they apply to information security.

Human: Embodiment of Heaven and Earth, whose outward appearance marks the flow of time and whose innards are fixed like the cardinal points

Common Theme: Lifecycle

Like a person, both a company and an information security asset have a life cycle.

Human      Corporation          Asset
Birth      Docker, Illumino     Classify asset rights
Maturing   Microsoft, Google    Monitoring, rights management, logic control
Illness    Yahoo, IBM           Loss of availability, confidentiality, and/or integrity
Death      Compaq, Netscape     Destruction of asset

The Five Viscera

Modern Western Medicine (MWM) began with the study of visible human organs and then went on to in-depth study of their structure and function. Their relationships with other organs and body systems were not considered important.

Traditional Chinese Medicine (TCM) began with the theme that all things grow and change. From the text: the four seasons and yin and yang are the root of all things.

The changes of yin and yang and of the four seasons mean that all things grow, age, and die. The TCM concept of the internal organs holds that all organs influence each other, so that the body constitutes an integrated, interactive system.

This concept is equally applicable to a business organization and to information security.

The Five Viscera exist not just within the human body, but also within the corporation and the information system.

Fire Element: swelling, flowering, brimming with energy

The heart, the position of kings, is where the deities reside.

The heart belongs to the fire element. It is like the sun, whose shining keeps all the body’s organs functioning. When the heart stops working, the person dies.

The heart is the Chairman, commanding all officials to coordinate with each other under a division of labor, so that the company constitutes an indivisible whole.

The heart is the CISO (chief information security officer), commanding all other ISOs (information security officers) to coordinate with each other under a division of labor, so that information security constitutes an indivisible whole.

Earth Element: leveling and dampening (moderation), and fruition

The spleen, the treasury officer, dispenses the five flavors.

The spleen is the earth element, where all things grow. All living things depend on what grows out of the land. People depend on the spleen to digest food and to transfer energy to the entire body.

The spleen is the Treasurer, where resources are kept. A company with lots of resources has lots of potential; a company with scant resources has to struggle to get by.

The spleen is InfoSec’s asset management, without which sensitive assets will be exposed to hostile forces.

Metal Element: harvesting and collecting

The lung, the Prime Minister, dispenses governance and regulation.

The lung is the metal element: it collects and harvests oxygen from the air and dispenses it into the bloodstream. The lung is the only viscus that can be voluntarily controlled, yet it can affect how the kidney, liver, heart, and spleen behave.

The lung is the CEO, whose actions affect how other departments behave. The CEO leads the rest of management towards the common goal set by the Chairman.

The lung is the ISO who secures the network system. Incoming and outgoing data are carefully regulated, and data flow can be shut off temporarily to mitigate risk.

Water Element: where stillness and storage pervade

The kidney, the engineering official, dispenses crafts.

The kidney is the water element, the source of life. It holds the innate essence and the acquired essence, which can transform human tissue into organs or spark another life.

The kidney is the R&D manager who makes things happen. He harnesses creative genius and modern technology to come up with new innovations.

The kidney is the ISO whose creativity combines the business and security needs into a security policy that does not hinder but enhances the company’s competitive advantages.

Wood Element: which generates abundance and vitality

The liver, the General, dispenses strategies and tactics.

The liver is the wood element, which promotes growth and immunity. It attempts to neutralize hostile elements before they can further damage the other viscera. Unfortunately, because it is constantly defending the body against external threats, it suffers the most and is one of the earliest organs to decline.

The liver is the chief risk management officer, who enables effective command and control of significant risks, and related opportunities, for a business and its various segments.

The liver is the ISO who specializes in incident response. Whenever there is an information system crisis, this ISO has to coordinate everyone to get the system back online, find the root cause, and provide recommendations to prevent the disaster from happening again.

Yin & Yang in Organization/Entity

Yin

Passive, reactive, feminine force

Body: front, interior organ, body, blood, below waist

Corporation: employees, finance, products, buildings

Information Security: asset management, incident response, network system

Yang

Active, initiating, masculine force

Body: back, exterior skin/muscle, head, qi, above waist

Corporation: management, marketing, service, people

Information Security: access management, risk management, data stream

Qi in Entity/Organization/Information Security: Qi is the flow of energy.

In the human body, qi travels along the meridian system.

In an organization, qi is the financial flow that keeps it alive. No department can survive without an inflow of finance.

In information security, qi is the information that travels along the network system.

Acupuncture Pressure Points Chart from http://lam24.wordpress.com/2009/10/07/acupuncture/

Examples of Qi in Organization & Information Security

Logical Network Map from http://www.umass.edu/i2/

Network Security Architecture Design from http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/safek12.html

Heaven: Nature in motion

Introduction to Heaven

Heaven is the symbol of nature in motion. It represents cycles of change, the movement of time, and the flutter of activity.

It also embodies the state in which we find ourselves in a given situation:

Birth, Enlivening, Spring

Maturing, Ascending, Summer

Aging, Descending, Autumn

Death, Retiring, Winter

Spring: heaven and earth give birth, enabling all living things to thrive

This spring air reflects the way of maintaining good health.

In nature, Spring represents the birth of all living things.

In business, Spring represents the birth of new products, business units, and employees joining the enterprise.

In security, Spring represents the birth of:

new employee access

certification cycle

malware in host machine


Summer: heaven and earth interact, all living things bloom

This summer air reflects the way of maintaining longevity.

In nature, Summer represents all living things at their prime.

In business, Summer represents the optimum of new products, business units, and employees reaching their full potential.

In security, Summer represents the peak, such as:

employees gain more responsibility, and more access is granted

the certification cycle reaches greater acceptance

malware infects the largest number of machines

Autumn: the heavenly chi hurried, the earthly chi brightened

This autumn air represents the Way of Harvesting.

In nature, Autumn represents all living things passing their prime.

In business, Autumn represents the decline of products, business units, and employees’ potential. At this stage, resources are milked for all they are worth.

In security, Autumn represents the gradual decline:

employees’ roles have been redefined and may no longer need certain access

the certification cycle moves toward closing as some business needs are not met

malware infection has been contained and reduced


Winter: water freezes and earth cracks, undisturbed by the sun

This winter air represents the Way of Hoarding.

In nature, Winter represents the death of all living things.

In business, Winter represents the closing of product lines, business units, and employees’ positions. At this stage, resources are conserved.

In security, Winter represents the end of:

employees’ access (it is closed)

Certification cycle

malware infection


Yin and Yang in Heaven

Yang energy brings warmth in Winter & Spring but excessive heat in Summer & Fall.

Yin energy brings relief in Summer & Fall but excessive frigidity in Winter & Spring.

In Business:

Yang energy proactively starts the company by finding a need.

Yin energy reactively starts the company by fulfilling a need.

In Security:

Yang energy champions the need for security awareness.

Yin energy follows the requirement for security awareness.

Qi in Nature

In Heaven, the most obvious sign of qi is the movement of wind.

Scientifically, wind is caused by differences in atmospheric pressure.

Philosophically, wind is caused by the combination of Yin and Yang.

In business, qi is the healthy mix of Yin (inflow of revenue) and Yang (outflow of products & services).

In InfoSec, qi is the healthy mix of Yin (technology) and Yang (InfoSec professionals).

In Closing - Heaven

Even though we designate three months of the year to each season, in reality they are not constant: certain seasons feel long and others feel short.

Likewise, all things experience four different states, but not all states have the same duration.

A business unit takes a long time to get started.

A product line has short periods of birth and discontinuation, but long periods of growing and declining.

A certification can be scheduled so that the closing of one cycle coincides with the starting of another.

Summary: Condensing of a condensed PowerPoint.

Summary

The Yellow Emperor’s Internal Canon (YEIC) is a Chinese Wisdom as a Service (CWaaS). It is capable of dispensing wisdom to meet the reader’s needs, provided that reader has the necessary awareness.

Historically, people have used it as is, to treat the illnesses of their patients.

Others have used it as a guide to treat the illnesses of a dynasty.

In modern times, could it serve other functions:

Treating the illness of a business entity?

Treating the illness of an information security network?

Summary

Modern Western Medicine (MWM) treats an individual organ as is, without paying attention to other organs.

Traditional Chinese Medicine (TCM) begins with the theme that all organs influence each other, so that the body constitutes an integrated, interactive system.

The root cause of a failed business component does not necessarily reside within that business component.

Likewise, the failure of an information security system is not necessarily caused by that system.

Summary

Heaven represents movement of four phases:

All living things experience birth, growth, decline, and death

All non-living things experience forming, accumulating, decaying, and dispersing

All social organizations experience transforming, performing, reforming, and adjourning

All technologies experience creating, thriving, maturing, and effacing

Summary

This PowerPoint presentation is the first of two parts focusing on how an ancient Chinese Wisdom as a Service can be applied in modern times to analyze a corporation and an information security system.

This presentation focuses only on the Human and Heaven aspects of the Yellow Emperor’s Internal Canon.

The next presentation will focus on the Earth and Traditional Chinese Medicine treatment aspects of the Yellow Emperor’s Internal Canon.