
A Taxonomy of Enterprise Protected Objects

Protected objects in an enterprise vary a lot. Examples include databases, customer records, manufacturing plans, secret business formulas, employee records, and so on. The protection requirements for these data also vary greatly. Some data have stronger confidentiality requirements (e.g. secret business formulas), some have strict integrity requirements (e.g. the employee payroll database), and some need both high integrity and high confidentiality. On the other hand, some resources in the enterprise have high availability requirements (e.g. a virtual machine hosting a web server or a DB server). Characterizing enterprise data (I am excluding resources like cloud VMs and IoT resources/data) with respect to business value and protection requirements is important to give insight to administrators and security personnel (CISO), and that is the objective of this post.

The following is one taxonomy of protected enterprise objects. Note that the taxonomy is not complete; it is just one way of classifying enterprise objects.

Different types of enterprise protected objects

Workflow or Business Objects:

  • Identifies and models a business process as multiple tasks and subtasks (e.g. a purchase order).
  • Usually regulated by the enterprise itself.
  • Often related to job functions.
  • Operations on Workflow or Business Objects are often related to operations on other Workflow or Business Objects (e.g. issue purchase order, pay for purchase order, etc.).

Operational Objects:

  • Workflow or Business Objects depend on one or more Operational or Transactional Objects. For example, a purchase order is implemented by one or more entries in one or more database tables. Examples of Operational or Transactional Objects include database tables or documents associated with workflow operations.
  • Operations on Operational or Transactional Objects need to be regulated more for integrity requirements than for confidentiality requirements.

Strategic Objects:

  • Strategic Objects include data related to the strategic planning of an organization. Examples of Strategic Objects are documents related to marketing plans, product announcements, etc.
  • Both confidentiality and integrity requirements are high priority for Strategic Objects.

Large Scale Objects:

  • Analytic or Record Objects are read-only data generated by different activities in the enterprise. They are used to derive insight or extract knowledge from ongoing business activities. Examples include customer records, purchase records, etc.
  • Analytic or Record Objects are often regulated by external standards.
  • Numerous in number.
  • Due to their large volume, Analytic or Record Objects can be stored on site or off premises. This data has to be regulated consistently despite its diverse locations and storage policies. For example, purchase records can be stored on premises on magnetic tapes as well as off premises at cloud providers. The same regulations have to be applied uniformly to all these instances.
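As an added illustration (not code from this post), the following Python sketch turns the taxonomy's protection rules into an access decision: Analytic or Record Objects are read-only, writes to Operational Objects must be tied to a workflow task, Strategic Objects are limited to authorized job functions, and the decision deliberately ignores where a copy is stored so the same regulation applies to the on-premises tape and the cloud copy alike. The role names, object names and grants are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum

class ObjectClass(Enum):
    WORKFLOW = "workflow"        # business process objects, tied to job functions
    OPERATIONAL = "operational"  # tables/documents behind a workflow; integrity first
    STRATEGIC = "strategic"      # planning documents; confidentiality and integrity
    ANALYTIC = "analytic"        # read-only records, often regulated externally

@dataclass(frozen=True)
class ProtectedObject:
    name: str
    cls: ObjectClass
    location: str  # e.g. "onprem-tape" or "cloud"; deliberately ignored by the policy

@dataclass(frozen=True)
class Request:
    role: str
    operation: str  # "read" or "write"
    obj: ProtectedObject
    workflow_step: str = ""  # the business task driving an operational write

# Hypothetical job-function grants (constructed sample data, not from the post).
ROLE_GRANTS = {
    "purchasing-clerk": {ObjectClass.WORKFLOW: {"read", "write"},
                         ObjectClass.OPERATIONAL: {"read", "write"}},
    "analyst": {ObjectClass.ANALYTIC: {"read"}},
    "executive": {ObjectClass.STRATEGIC: {"read", "write"},
                  ObjectClass.ANALYTIC: {"read"}},
}

def decide(req: Request) -> tuple:
    """Return (allowed, reason). Class-level rules run before role grants."""
    cls = req.obj.cls
    # Analytic/record objects are read-only once generated, wherever they live.
    if cls is ObjectClass.ANALYTIC and req.operation != "read":
        return False, "analytic/record objects are read-only"
    # Integrity rule: an operational write must originate from a workflow task.
    if cls is ObjectClass.OPERATIONAL and req.operation == "write" and not req.workflow_step:
        return False, "operational writes must originate from a workflow step"
    # Job-function rule: the role must hold this operation on this object class.
    if req.operation not in ROLE_GRANTS.get(req.role, {}).get(cls, set()):
        return False, f"role {req.role!r} lacks {req.operation} on {cls.value} objects"
    return True, "allowed"

def uniform_across_locations(role, operation, name, cls, locations, step="") -> bool:
    """True if every stored copy of an object gets the same decision regardless of location."""
    outcomes = {decide(Request(role, operation, ProtectedObject(name, cls, loc), step))
                for loc in locations}
    return len(outcomes) == 1
```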

The following table shows the security concerns for the different types of permissions associated with the different types of enterprise objects.

Security Requirements for different types of Enterprise Objects
