Blog Posts

Great Security Doesn’t Ruin Party Time

Blog: Jim Sinur

As organizations roll out most excellent / smarter processes and applications to compete in the digital world, the opportunity for abuse increases. The number of smart resources dynamically contributing to changing goals and desired outcomes will be increasing and the power that these resources posses will make them a target for those with bad intentions. These smart processes can be lead the wrong direction easily as they are built to auto-adjust to changing conditions thereby producing unexpected consequences in the hands of the wrong people. Those with bad intent can change the goals, decisions, and actions of processes and applications and hurt many as a consequence. Security will have to step it up while becoming less visible and easy to deal with in the new digital world. See http://jimsinur.blogspot.com/2015/06/security-is-boat-anchor-to-digital.html

Misguiding Processes with Patterns & Goals:

The kind of dynamic and real time processes and applications that will be emerging in the digital world will be susceptible to bad consequences through fooling the process into pursuing the wrong sets of goals by feeding these processes with false patterns. Most of the new processes will be able to sense events and patterns of events and those with bad intent can mislead a processes into sensing the wrong events and changing the goals to undesirable under the conditions and contexts.

Misguiding Processes with Decisions:

These dynamic processes will likely be dependent big data and embedded algorithms. Those with bad intent could alter the algorithms or the data bound for the analysis. Switching the combinations and sequence of these algorithms could have a bad and maybe undetectable effect until later down stream. This could be true of cognitive services (COGs) or machine learning where constraining rules and policies could be tampered with in real time.

Misguiding Processes to Act Improperly:

Besides messing with the goals or decisions, the actual actions could be altered in real time to create havoc. If for instance a fire drone was being flown for observation purposes it’s code could be altered to interfere with outcomes rather than help. In the case of fire observation, the drone could be directed in the flight paths of retardant craft and cause misses and delays at a minimum.

Net; Net:

Great security starts and making sure that the participants in the processes are authenticated and the persons authorizing change to the processes are authenticated in a fool proof manner. In additions there should be extra controls on key pieces of code and code sequences. There should be a security sensitivity analysis based on likely and unlikely scenarios in addition to authentication.

See http://jimsinur.blogspot.com/2015/07/imagine-no-passwords-its-easy-if-you-try.html

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="http://www.businessprocessincubator.com/content/great-security-doesnt-ruin-party-time/?feed=html" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples

BPMN.org

XPDL.org

×