Yellow Emperor's Internal Canon on Information Security, Part 1 of 2
“To fight a disease after it has occurred is like trying to dig a well when one is thirsty or forging a weapon once a war has begun.”
Topics
Introduction
Human (Part 1 of 2)
Heaven (Part 1 of 2)
Earth (Part 2 of 2)
TCM – Traditional Chinese Medicine / Trusted Computing Management (Part 2 of 2)
Conclusion
Who
Yellow Emperor – the first of China's Three Sovereigns and Five Emperors. He is renowned as the originator of the centralized state, a cosmic ruler and a patron of esoteric arts. Traditionally, he reigned around 2697 – 2597 BC.
Qibo – the mythical doctor with enlightened knowledge of traditional Chinese medicine. When the Yellow Emperor first sought him out to help rule the country, Qibo was not interested. But when the Yellow Emperor asked how to live a long and healthy life, Qibo became interested.
The Yellow Emperor's Internal Canon is a series of conversations between the Yellow Emperor and Qibo on how to have a long and healthy life.
What
The Yellow Emperor's Internal Canon (YEIC) is considered the fundamental source of Traditional Chinese Medicine (TCM).
YEIC is based on the Daoist view of
nature's five elements (earth, metal, water, wood, fire)
yin and yang (reactive and proactive forces)
qi (breath)
the effect of both heaven and earth on a person's health
and it focuses more on preventing illness than on reacting to it.
When & Where
Though the Yellow Emperor is traditionally held to have reigned from 2697 to 2597 BC, the earliest YEIC text is believed to date from around 200 BC, according to Joseph Needham and Lu Gwei-Djen.
Location: China
Why
YEIC is part of a series on Chinese Wisdom as a Service (CWaaS). It is capable of dispensing wisdom to meet the reader's needs, provided the reader has the necessary awareness.
This presentation is a humble attempt to apply YEIC to information security.
Part 1 focuses on the Human and Heaven portions of YEIC and how they apply to information security.
Part 2 focuses on the Earth and TCM portions of YEIC and how they apply to information security.
Human
Embodiment of Heaven and Earth, whose outward appearance marks the flow of time and whose innards are fixed like the cardinal points
Common Theme : Lifecycle
Like a person, both a company and an information security asset have a life cycle.
Human      Corporation          Asset
Birth      Docker, Illumio      Classify asset, assign rights
Maturing   Microsoft, Google    Monitoring, rights management, logic control
Illness    Yahoo, IBM           Loss of availability, confidentiality, and/or integrity
Death      Compaq, Netscape     Destruction of asset
The Five Viscera
Modern Western Medicine (MWM) began with the study of visible human organs, followed by in-depth study of their structure and function. Their relationships with other organs and body systems were treated as unimportant.
Traditional Chinese Medicine (TCM) began with the theme that all things grow and change. From the text: the four seasons and yin and yang are the root of all things.
The changes of yin and yang and of the four seasons mean that all things grow, age, and die. The TCM concept of the internal organs holds that all organs influence each other, so that the body constitutes one integrated, interactive system.
This concept is equally applicable to a business organization and to information security.
The Five Viscera exist not only within the human body, but also within the corporation and the information system.
Fire Element
swelling, flowering, brimming with energy
The heart, the position of kings, is where the deities reside.
The heart belongs to the fire element. The heart is like the sun, shining on and driving all the body's organs to function. When the heart stops working, the person dies.
The heart is the Chairman, commanding all officials to coordinate with each other through a division of labor, so that the company constitutes an indivisible whole.
The heart is the CISO (chief information security officer), commanding all other ISOs to coordinate with each other through a division of labor, so that information security constitutes an indivisible whole.
心者,君主之官,神明出焉。 (The heart is the sovereign official; spirit and clarity issue from it.)
Earth Element
leveling and dampening (moderation) and fruition
The spleen, the treasury officer, dispenses the five flavors.
The spleen is the earth element, where all things grow. All living things depend on what grows out of the land. People depend on the spleen to digest food and to distribute energy to the entire body.
The spleen is the Treasurer, where resources are kept. A company with abundant resources has great potential; a company with scant resources has to struggle to get by.
The spleen is InfoSec's asset management, without which sensitive assets are left exposed to hostile forces.
脾者,倉廩之官,五味出焉。 (The spleen is the official of the granaries; the five flavors issue from it.)
Metal Element
harvesting and collecting
The lung, the Prime Minister, dispenses governance and regulation.
The lung is the metal element: it collects and harvests oxygen from the air and dispenses it into the bloodstream. The lung is the only viscus that can be voluntarily controlled, yet it affects how the kidney, liver, heart and spleen behave.
The lung is the CEO, whose actions affect how the other departments behave. The CEO leads the rest of management toward the common goal set by the Chairman.
The lung is the ISO who secures the network. Incoming and outgoing data are carefully regulated, and data flow can be shut off temporarily to mitigate risk.
肺者,相傅之官,治節出焉。 (The lung is the official who serves as chancellor; order and regulation issue from it.)
Water Element
where stillness and storage pervade
The kidney, the engineering official, dispenses crafts.
The kidney is the water element, which is the source of life. It holds the innate essence and the acquired essence that can transform human tissue into organs, or spark another life.
The kidney is the R&D manager who makes things happen, harnessing creative genius and modern technology to produce new innovations.
The kidney is the ISO whose creativity combines business and security needs into a security policy that does not hinder but enhances the company's competitive advantage.
腎者,作強之官,技巧出焉。 (The kidney is the official of vigor and strength; skill and craft issue from it.)
Wood Element
which generates abundance and vitality
The liver, the General, dispenses strategies and tactics.
The liver is the wood element, which promotes growth and immunity. It attempts to neutralize hostile elements before they can damage the other viscera. Unfortunately, because it is constantly defending the body against external threats, it suffers the most and is one of the earliest organs to decline.
The liver is the chief risk management officer, who enables effective command and control of significant risks, and related opportunities, across the business and its various segments.
The liver is the ISO who specializes in incident response. Whenever there is an information system crisis, this ISO has to coordinate everyone to get the system back online, find the root cause, and provide recommendations to prevent the disaster from happening again.
肝者,將軍之官,謀慮出焉。 (The liver is the official who serves as general; planning and deliberation issue from it.)
Yin & Yang in Organization/Entity
Yin
Passive, reactive, feminine force
Body: front, interior organ, body, blood, below waist
Corporation: employees, finance, products, buildings
Information Security: asset management, incident response, network system
Yang
Active, initiating, masculine force
Body: back, exterior skin/muscle, head, qi, above waist
Corporation: management, marketing, service, people
Information Security: access management, risk management, data stream
Qi in Entity/Organization/Information Security
Qi is the flow of energy.
In the human body, qi travels along the meridian system.
In an organization, qi is the financial flow that keeps it alive. No department can survive without an inflow of finance.
In information security, qi is the information that travels along the network.
Acupuncture Pressure Points Chart from http://lam24.wordpress.com/2009/10/07/acupuncture/
Examples of Qi in Organization & Information Security
Logical Network Map from http://www.umass.edu/i2/
Network Security Architecture Design from http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/safek12.html
Introduction to Heaven
Heaven is the symbol of nature in motion. It represents cycles of change, the movement of time, and the flutter of activity.
It also embodies the state in which we find ourselves in a given situation:
Birth, Enlivening, Spring
Maturing, Ascending, Summer
Aging, Descending, Autumn
Death, Retiring, Winter
Spring
heaven and earth give birth, enabling all living things to thrive
This spring air reflects the way of maintaining good health.
In nature, Spring represents the birth of all living things.
In business, Spring represents the birth of new products and business units, and employees joining the enterprise.
In security, Spring represents the birth of
new employee access
the certification cycle
malware on a host machine
天地俱生,萬物以榮…此春氣之應養生之道也 (Heaven and earth together give birth, and the myriad things flourish… This is the response to the qi of spring, the way of nurturing life.)
Summer
heaven and earth interact, all living things bloom
This summer air reflects the way of maintaining longevity.
In nature, Summer represents all living things at their prime.
In business, Summer represents new products, business units, and employees reaching their full potential.
In security, Summer represents the peak, such as
employees gaining more responsibility and being granted more access
the certification cycle reaching greater acceptance
malware infecting the largest number of machines
天地氣交,萬物華實…此夏氣之應養長之道也 (The qi of heaven and earth intermingle; the myriad things flower and bear fruit… This is the response to the qi of summer, the way of nurturing growth.)
Autumn
the heavenly qi hurried, the earthly qi brightened
This autumn air represents the Way of Harvesting.
In nature, Autumn represents all living things past their prime.
In business, Autumn represents the decline of products, business units, and employee potential. At this stage, resources are milked for all they are worth.
In security, Autumn represents a gradual decline:
employee roles are redefined and may no longer need certain access
the certification cycle moves toward closing, as some business needs are not met
malware infection has been contained and reduced
天氣以急,地氣以明…此秋氣之應養收之道也 (The qi of heaven becomes urgent, the qi of earth becomes clear… This is the response to the qi of autumn, the way of nurturing the harvest.)
Winter
water freezes and the earth cracks, undisturbed by the sun
This winter air represents the Way of Hoarding.
In nature, Winter represents the death of all living things.
In business, Winter represents the closing of product lines, business units, and employee positions. At this stage, resources are conserved.
In security, Winter represents the end:
employee access is closed
the certification cycle ends
the malware infection ends
水冰地坼,無擾乎陽…此冬氣之應養藏之道也 (Water freezes and the earth cracks; do not disturb the yang… This is the response to the qi of winter, the way of nurturing storage.)
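The four seasons above trace one employee's access through the joiner, mover, reviewer and leaver stages. The following is an added example, not part of the original presentation, that models that cycle in code: Spring grants a role baseline, Summer accumulates extra access, Autumn runs a certification review that returns whatever the current role no longer justifies, and Winter revokes everything and checks that nothing lingers. The role names, entitlement names and directory records are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed role baselines; the role and entitlement names are hypothetical.
ROLE_BASELINE = {
    "analyst": {"siem-read", "ticketing"},
    "auditor": {"siem-read", "audit-reports"},
}


@dataclass
class Identity:
    user: str
    role: str
    status: str = "active"
    entitlements: set = field(default_factory=set)
    log: list = field(default_factory=list)


def onboard(user: str, role: str) -> Identity:
    """Spring: a joiner receives exactly the baseline access of the role."""
    ident = Identity(user=user, role=role, entitlements=set(ROLE_BASELINE[role]))
    ident.log.append(f"onboard {user} as {role}")
    return ident


def grant(ident: Identity, entitlement: str, justification: str) -> None:
    """Summer: extra access accumulates as responsibility grows."""
    if ident.status != "active":
        raise PermissionError(f"{ident.user} is {ident.status}; no grants allowed")
    ident.entitlements.add(entitlement)
    ident.log.append(f"grant {entitlement}: {justification}")


def change_role(ident: Identity, new_role: str) -> None:
    """A mover receives the new baseline; nothing is removed automatically,
    which is exactly what the autumn review exists to catch."""
    ident.role = new_role
    ident.entitlements |= ROLE_BASELINE[new_role]
    ident.log.append(f"role changed to {new_role}")


def certify(ident: Identity) -> set:
    """Autumn: the certification review returns every entitlement that the
    identity's current role does not justify."""
    return ident.entitlements - ROLE_BASELINE[ident.role]


def revoke(ident: Identity, entitlements: set) -> None:
    ident.entitlements -= entitlements
    for ent in sorted(entitlements):
        ident.log.append(f"revoke {ent}")


def terminate(ident: Identity) -> set:
    """Winter: a leaver loses all access. Returns whatever is still attached,
    which should be empty."""
    revoke(ident, set(ident.entitlements))
    ident.status = "terminated"
    return set(ident.entitlements)


def orphaned_access(directory: list) -> dict:
    """Detective control: terminated identities that still hold entitlements."""
    return {
        ident.user: sorted(ident.entitlements)
        for ident in directory
        if ident.status == "terminated" and ident.entitlements
    }


def run_lifecycle() -> dict:
    """Walk one identity through all four seasons, then run the orphan check
    against a constructed directory that includes a deliberately broken record."""
    alice = onboard("alice", "analyst")
    grant(alice, "prod-db-write", "temporary access for an incident (constructed)")
    change_role(alice, "auditor")
    stale = certify(alice)
    revoke(alice, stale)
    after_certify = set(alice.entitlements)
    leftover = terminate(alice)

    # Constructed record of a leaver whose offboarding never finished.
    bob = Identity(user="bob", role="analyst", status="terminated",
                   entitlements={"ticketing"})
    return {
        "stale": stale,
        "after_certify": after_certify,
        "leftover": leftover,
        "orphans": orphaned_access([alice, bob]),
        "log": alice.log,
    }


if __name__ == "__main__":
    for key, value in run_lifecycle().items():
        print(f"{key}: {value}")
```

The certification step is deliberately computed as a set difference against the current role rather than against the access originally granted: the Autumn problem in the slides is that roles change while access accumulates, so the review has to ask "what does this person need now", not "what did we approve earlier".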
Yin and Yang in Heaven
Yang energy brings warmth in Winter and Spring but excessive heat in Summer and Fall.
Yin energy brings relief in Summer and Fall but excessive frigidity in Winter and Spring.
In Business:
Yang energy proactively starts the company by finding a need.
Yin energy reactively starts the company by fulfilling a need.
In Security:
Yang energy champions the need for security awareness.
Yin energy follows the requirement for security awareness.
Qi in Nature
In Heaven, the most obvious sign of qi is the movement of wind.
Scientifically, wind is caused by difference in atmospheric pressure.
Philosophically, wind is caused by combination of Yin and Yang.
In Business, the qi is the healthy mix of Yin (inflow of revenue) and Yang (outflow of products & services).
In InfoSec, the qi is the healthy mix of Yin (technology) and Yang (InfoSec Pro).
In Closing - Heaven
Even though we assign three months of the year to each season, in reality seasons are not constant: some feel long and others feel short.
Likewise, all things experience four different states, but not all states have the same duration.
A business unit takes a long time to get started.
A product line has short periods of birth and discontinuation, but long periods of growth and decline.
A certification cycle can be scheduled so that the closing of one cycle coincides with the start of the next.
Summary
The Yellow Emperor's Internal Canon (YEIC) is a Chinese Wisdom as a Service (CWaaS). It is capable of dispensing wisdom to meet the reader's needs, provided the reader has the necessary awareness.
Historically, people have used it as is, to treat the illnesses of their patients.
Others have used it as a guide to treat the illnesses of a dynasty.
In modern times, could it serve other functions:
Treating the illness of a business entity?
Treating the illness of an information security network?
Summary
Modern Western Medicine (MWM) treats each organ on its own, without paying attention to the other organs.
Traditional Chinese Medicine (TCM) began with the theme that all organs influence each other, so that the body constitutes one integrated, interactive system.
The root cause of a failed business component does not necessarily reside within that component.
Likewise, the failure of an information security system is not necessarily caused by that system.
Summary
Heaven represents the movement of four phases:
All living things experience birth, growth, decline, and death.
All non-living things experience forming, accumulating, decaying, and dispersing.
All social organizations experience transforming, performing, reforming, and adjourning.
All technologies experience creating, thriving, maturing, and effacing.
Summary
This PowerPoint presentation is the first of two parts on how an ancient Chinese Wisdom as a Service can be applied in modern times to analyze a corporation and an information security system.
This presentation focuses only on the Human and Heaven aspects of the Yellow Emperor's Internal Canon.
The next presentation will focus on the Earth and Traditional Chinese Medicine treatment aspects of the Yellow Emperor's Internal Canon.