SCMA user manual
[Figure 17 residue: Information Security Configuration Report. Panels: Summary Table (Information, Applications, Systems, Total); Node Policy Bar Diagram (None, HIPAA Security Standard v2003, Verordnung DSG 1994, ISO 17799-2 v2005); Authentication Method Bar Diagram (PIN, Password, Smartcard, Token); Authorization Method Bar Diagram (User based, Role based, Kerberos, Active Directory); Recovery Method Bar Diagram (None, Recovery Plan Silver, Recovery Plan Gold, Recovery Plan Platinum, <5hrs).]
4.1 Nodes

4.1.1 Selection
A node can be selected by pressing the left mouse button on the desired object. The selection is indicated by the magnification of the node icon. Several nodes can be selected simultaneously, and the editing operations apply to all selected nodes. Nodes can be unselected by clicking an empty area of the modeling pane.

Security Compliance Manager Version 0.5.1 (page 13)

Figure 11: Selected node

At the same time, some attributes of the selected node are presented in the status bar at the bottom of the screen. They currently include the element's name, its type and its groups.

Figure 12: Status bar showing the attributes of the selected node (Name: HIS, Type: Application Element, Group: Application Node)

4.1.2 Tool Tip
When hovering the mouse pointer over a node or edge for a few seconds, the element's tool tip appears. It is a short description of the element, including its name, owner, group and security targets. If an attribute is empty, it does not appear in the description.

Figure 13: Tool tip (Application Element; Name: HIS; Group: Application Node; Confidentiality: medium; Integrity: low)

4.1.3 Status
Applied node policies appear on the modeling pane in the form of an overlaid lock icon. Additionally, the name of each applied policy, including its compliance status, is presented on the pane. The compliance status is expressed as a percentage and is calculated by dividing
Security Compliance Manager User Manual
Draft Version 0.5.1, 2006-05-26

This is a proof of concept prototype application built as part of a doctoral dissertation project submitted at the Institute of Information Systems, Department of Information Engineering, at the University of Bern, Switzerland. Although I have put considerable effort into the creation of the software and its documentation, I cannot guarantee its correctness. Due to its nature as a proof of concept prototype, the software is not intended to be used in a production environment. Therefore you must use it at your own risk, or not use it at all.

Martin Luethi, San Francisco, 05/25/06

Table of Contents
1 Introduction 3
2 Installation 3
3 Modeling 5
3.1 Tool Bar 5
3.2 Modeling Pane 7
3.2.1 Nodes 7
3.2.2 Edges 9
3.3 Property Dialog 10
3.3.1 Text Field 10
3.3.2 Checkbox Field 10
3.3.3 Pop-up Field 11
3.3.4 Slider Field 11
3.3.5 Value List 11
3.3.6 Compliance List 12
Editing: Left click on the edit pane creates a new node. Left click on an existing node brings up the node's property dialog. Left click on an existing node, holding down the mouse button and dragging to another node, creates a new edge. Right click on the editor field brings up the context menu. Right click on an existing node brings up the node's context menu.
Picking: Left click on an existing node selects the node (enlarges its icon). Left click on the edit pane and dragging marks a group of nodes. Dragging a selected node moves the node to a different location. Right click on an existing node brings up the node's context menu.
Panning: Dragging moves the entire pane; scroll bars are provided if necessary. Especially useful after zooming the view, which can then be adjusted using the panning mode.
Zoom In: A left click on zoom in zooms the view in by 10.
Zoom Out: A left click on zoom out zooms the view out by 10.
Resize View: Left click resets the zoom and position to their initial values.
Find Nodes: Opens a dialog to filter nodes by specific criteria.
Find Edges: Opens a dialog to filter edges by specific criteria.
Reset Filters: Resets all the filters and shows all nodes and edges.
Show Successors: Requires one selected node; shows all its directly and indirectly succeeding nodes. All other nodes and edges are hidden.
Show Predecessors: Requires one selected node; shows all its dir
process is self-explanatory and installs the application, including a private JRE, into the chosen directory. Application and installer have been tested on Windows 2000 and XP.

[Figure 1 residue: Windows installer dialogs]
Figure 1: Windows installation process

Footnote: As of version 0.5.0 the total installation file size for Windows is 25.3 MB.

The following directory structure will be created under the chosen installation location:

Directory: Description
SCMA: installation root
data: XML options, mapping, policies and user manual
(directory name unreadable): External Java libraries
images: Images and icons
jre: Java Runtime Environment
samples: Sample file directory
scma.exe: Executable program file
Table 2.1: Directory structure

Four sample policies are provided with the application and are loaded automatically. The policies can be modified, or additional policies can be added, but they are required to comply with the format used for the available p
selection of the security target, which is expressed as a scale-like value assuming values between Low and High. Additionally, the leftmost position of the slider indicates None as a security target. Internally the selection is handled numerically as a choice in the range 0 to 3. The slider does not record any options and allows only one value per attribute.

Figure 8: Slider field (Confidentiality: None, Low, Medium, High)

3.3.5 Value List
The value list is similar to the pop-up field but allows multiple selections per field. A selection is made by a left click on an entry of the Option List; the entry immediately appears on the Selection List. If an option is not listed, it can be added by typing its value into the Edit Field beneath the Option List and pressing the Add Button; an entry is removed with the Remove Button. Options are stored independently of the model and are remembered for each element of this or any other model. Each element can hold multiple values per attribute (1:n).

Figure 9: Value list (Option List, Selection List, Edit Field, Add Button, Remove Button; example options: Administrative Department, Administrative Enterprise, Administrative Functional)

3.3.6 Compliance List
A compliance list is used to represent security policies. Each node can have several security policies assigned, which are selecte
the compliant control items by the total number of items for the policy. Moreover, the status is emphasized by color codes: green > 66, 66 > yellow > 33, red < 33.

Figure 14: Policy indicator (HIPAA policy with lock icon on the Main Server node)

4.2 Filters
Filters allow hiding a subset of nodes. They remain active until another filter is applied or the Reset Filter action is executed. Alternatively, an empty area on the modeling pane can be clicked once. The filters can be combined and are applied together.

Filters
Node Filter
  Domain nodes: Hides information nodes if unchecked
  Logical nodes: Hides application nodes if unchecked
  Physical nodes: Hides system nodes if unchecked
Edge Filter
  Flow edge: Hides all flows connecting nodes on the same layer if unchecked
  Mapping edge: Hides mapping edges if unchecked
Security Filter
  All: Shows nodes with all security targets
  Confidentiality (m/h): Shows nodes with at least a medium confidentiality security target
  Integrity (m/h): Shows nodes with at least a medium integrity security target
  Availability (m/h): Shows nodes with at least a medium availability security target
  Accountability (m/h): Shows nodes with at least a medium accountability security target
Reset Filter
  Resets the filters to the default; all nodes and edges are visible
Table 4.1: Filters

4.3 Labels
Labels are presented next to each element on the modeling pan
atic report about the entire health information system. The Summary Table lists the total number of nodes and edges by type. Further, it includes for each type the most important attributes and their occurrence. For attributes with a 1:1 cardinality the percentage column refers to the occurrence, and the total adds up to 100 percent. For attributes with a 1:n cardinality the same column can generally add up to more than 100 percent, since multiple attributes can appear per node or edge. Average (Avg) refers to the average occurrence of the specific attribute per node or edge. Minimum (Min) and maximum (Max) indicate the respective number of minimal or maximal occurrences of the specific attribute on one node. The Node Type Pie Diagram and Edge Type Pie Diagram illustrate the proportion of the respective type toward the total of elements. The Node Owner Bar Diagram lists all owners, and the length of each bar indicates the number of nodes subject to that owner's responsibility. The stacked colors correspond with the colors of each node type in the Node Type Pie Diagram. Additionally, two lines are superimposed which are the sums of incoming and outgoing connections of each owner's nodes. Outgoing connections are an indicator of node importance for feeding other elements with data, whereas incoming connections are associated with data-consuming nodes.

[Figure 16 residue: Information System Summary Report: Node Type Pie Diagram, Edge Type Pie Diagram]
d using a regular value list. However, since every security policy can contain several control categories and control items expressing the compliance with items, another form of representation is required. The compliance list is organized in a folder structure allowing unfolding and folding of control categories. Control items can be checked, indicating their compliance, or unchecked, symbolizing non-compliance. Each policy can contain an unlimited number of control categories and control items. Categories can contain other categories. A policy structure is defined within an XML policy file as listed in Table 2.2.

Figure 10: Compliance list (Policy List; HIPAA policy folder; unfolded control category "Security management process" with the items Risk Analysis, Risk Management, Sanction Policy and Information System Activity Reviews; folded categories Assigned Security Responsibility, Workforce Security and Information access management; legend: Policy Folder, Unfolded Control Category, Compliant Control Item, Not Compliant Control Item, Folded Control Category)

4 View and Tools
This section describes the functions found in the View and Tools menus. Views include filters that can be applied to show a subset of all nodes and edges. Labels determine the text that is presented next to each element on the modeling pane. The selection can be made via checkboxes, which allow multiple values to be selected at the same time. Radio buttons are exclusive, and only one selection can be made at a time.
de, since the nodes' values are calculated recursively, no node weights are currently provided.
Recursive weighting
Table 5.1: Analysis modes

In the recursive analysis mode a function call recursively traverses the graph, originating from the selected node, down until it reaches a node without further successor nodes. It then starts calculating and aggregating the compliance values weighted by the degree of the nodes (cf. Figure 18). The aggregated value of a parent node is calculated from its own single node compliance and the single node compliance of all its children. Both values are weighted with a factor of 0.5. This analysis mode is experimental and generally provides results which are too optimistic.

[Figure residue: node compliance report dialog: Analysis Mode (Degree weighting); Application Element; Name: PACS; Group: Application Node; Total Compliance; Owner: Medical Director Radiology; Security Policies: VDSG; Successor Node Table with the columns Type, Name, Weight, Compliance, Distance and degree; Print Report and Save Report buttons; Single Node Compliance; Distance From Selected Node]
Table 5.2: Node compliance report

The results of all analysis modes are presented in the form of a table. The root node of the sub-graph is highlighted in the table and naturally has a distance of zero from the selected node. The table is ordered by single node compliance. Further, a speedometer-like figu
[Figure 16 residue: Application, Information, System; Node Type Pie Diagram, Edge Type Pie Diagram, Node Owner Bar Diagram, Summary Table; Print and Save buttons]
Figure 16: Information System Summary Report

5.2 Information Security Configuration
The information security configuration report is structured in a similar way to the report discussed above. However, it focuses on providing a summary of the security-relevant properties of all the nodes and edges. Its Summary Table on the left is similarly organized and provides numbers organized by node types. The Node Policy Bar Diagram features grouped bars for all three node types. The first bar in each group provides the total number of nodes of the specific type in the system. The second bar indicates the number of nodes that do not have any security policies assigned at all. The subsequent bars signify the security policies in use and count their occurrence. The Y axis specifies the number of nodes. Superimposed are three lines that indicate the compliance status of the nodes. The color codes correspond to those of the policy indicator status described in 4.1.3. The Recovery Method Bar Diagram is organized in a similar fashion: the bars are grouped by node type, the first and second bar provide the total numbers and the nodes without any assigned recovery method, followed by the assigned recovery methods or plans.

[Figure 17 residue: Information Security Configuration Report]
e. The default labels shown for nodes are name and for edges protocol. If these attributes do not have any values assigned, they show up empty.

Labels
Node Labels
  Name: Node name (blank if empty)
  Type: Node type (domain, logical or physical node)
  Location: Node location (system nodes only, blank if empty)
  Owner: Node owner (blank if empty)
  Degree: Incoming and outgoing connections
  None: No label
Edge Labels
  Protocol: Protocol of connection (application and system flow only)
  Name: Name of connection
  Type: Edge type (domain, logical, physical flow or mapping)
  Edge weight: One divided by the total number of outgoing connections
  None: No label
Reset Label
  Resets the label setting to the default; name and protocol labels are visible
Table 4.2: Labels

4.4 Apply Policies to Groups
Each created node by default belongs to one group depending on its type, which is either the Information Node, Application Node or System Node group. However, each node can belong to an arbitrary number of additional groups. The group attribute is useful to batch-apply certain functions to a subset of nodes simultaneously. For instance, the Apply Policies to Groups function allows applying or removing policies to multiple nodes using one operation. For example, to apply the HIPAA security policy to all application nodes, the policy can be selected in the left list whereas the applicable grou
e position when creating a node. In the modeling pane there are generally two separation lines visible which indicate in which area which node type will be created. Subsequent movement of a node outside its area does not change its type. To change a type, a node has to be deleted and a new node created inside its determined area.
The detached menu bar can be reset to its original position by closing the detached window.

Information Node: Symbolizes information or, loosely speaking, documents; associated with business processes (function), business units (unit) and information elements (data).
Application Node: Symbolizes applications that are used to process the information elements; associated with data elements (data), roles (role) and vendors (vendor).
System Node: Actual physical computer systems used to run and use the applications and process the information elements. Typical fields are location, vendor, operating system, network etc.
Table 3.2: Node types

Each node type can hold several attribute values. Key-value pairs have a one-to-one cardinality, meaning that a node can only be associated with one owner, for example. Some attributes allow the association with multiple values, such as unit, for instance. Internally the values are stored as strings and can therefore assume any format.

Node Properties
7 Planned Features (continued)
Security reports which are based on function, unit, data etc.
Security reports which consider attribute values to calculate node compliance.
Editors for policies and option lists.
Refined policies whose controls only apply to specific node types.
Risk catalog items assignable to nodes, including probabilities.
Interfaces to other production applications to import external data.
Group modeling capabilities for similar objects such as PCs.

External Libraries Used
Name: Version: URL
Apache Jakarta Commons Collections: 3.1: http://jakarta.apache.org/commons/collections
Apache Jakarta Commons Logging: 1.0.4: http://jakarta.apache.org/commons/logging
Apache XML Commons: 1.0: http://xml.apache.org/commons
Castor XML: 0.9.9.1: http://www.castor.org
Cern Colt Scientific Library: 1.2.0: http://dsd.lbl.gov/~hoschek/colt
iText: 1.4: http://www.lowagie.com/iText
Java Universal Network/Graph Framework (JUNG): 1.7.4: http://jung.sourceforge.net
JCommon: 1.0.2: http://www.jfree.org/jcommon
JFreeChart: 1.0.1: http://www.jfree.org/jfreechart
Xerces2 Java Parser: 2.8.0: http://xml.apache.org/xerces2-j/index.html

2005-2006 Martin Luethi, http://www.luethi.net
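The compliance percentage and colour codes of 4.1.3, the edge weights and degree-weighted recursive aggregation of 5.3 and Table 5.1, and the degree ranking of 5.4, as an added Python model that is not part of SCMA. The pooling of several policies into one single-node value, the exact 0.5 combination rule, the report's sort direction and the cycle handling are assumptions, and the sample graph with its control item counts is constructed.

```python
"""Worked model of SCMA's compliance figures (added example, not the tool's own code).
Constructed after the manual's Figure 18 description: an information node feeds a
server that has three client nodes and a second server as successors."""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

@dataclass
class Node:
    name: str
    policies: Dict[str, Tuple[int, int]] = field(default_factory=dict)  # policy -> (compliant, total items)

@dataclass
class Graph:
    nodes: Dict[str, Node]
    edges: List[Tuple[str, str]]  # directed flows (source, target)

    def successors(self, name: str) -> List[str]:
        return [t for s, t in self.edges if s == name]

    def out_degree(self, name: str) -> int:
        return len(self.successors(name))

    def in_degree(self, name: str) -> int:
        return sum(1 for _, t in self.edges if t == name)

    def edge_weight(self, source: str) -> float:
        # Sections 4.3 and 5.3: every outgoing edge weighs 1 / out-degree of its source.
        return 1.0 / self.out_degree(source)

def compliance_percent(compliant: int, total: int) -> float:
    # Section 4.1.3: compliant control items divided by the policy's total items.
    # Assumption: a policy without control items counts as 0 % compliant.
    return 100.0 * compliant / total if total else 0.0

def status_color(percent: float) -> str:
    # Section 4.1.3 colour codes: green > 66, 66 >= yellow > 33, red <= 33.
    if percent > 66:
        return "green"
    if percent > 33:
        return "yellow"
    return "red"

def policy_status(node: Node) -> Dict[str, Tuple[float, str]]:
    """Per-policy percentage and colour, as shown next to the node on the pane."""
    return {p: (compliance_percent(c, t), status_color(compliance_percent(c, t)))
            for p, (c, t) in node.policies.items()}

def single_compliance(node: Node) -> float:
    """Single node compliance; assumption: items of all assigned policies are pooled."""
    return compliance_percent(sum(c for c, _ in node.policies.values()),
                              sum(t for _, t in node.policies.values()))

def aggregated_compliance(g: Graph, name: str, path: FrozenSet[str] = frozenset()) -> float:
    """Recursive degree-weighted aggregation (Section 5.3, Table 5.1): descend to nodes
    without successors, then combine a parent's own single compliance (factor 0.5) with
    the edge-weighted sum of its children's aggregated values (factor 0.5). Assumption:
    a successor already on the current path (a cycle) contributes its single compliance."""
    own = single_compliance(g.nodes[name])
    children = g.successors(name)
    if not children:
        return own
    path = path | {name}
    w = g.edge_weight(name)
    from_children = sum(
        w * (single_compliance(g.nodes[c]) if c in path else aggregated_compliance(g, c, path))
        for c in children)
    return 0.5 * own + 0.5 * from_children

def distances_from(g: Graph, root: str) -> Dict[str, int]:
    """Breadth-first distance of the root and of every successor reachable from it."""
    dist, queue = {root: 0}, deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in g.successors(cur):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist

def subgraph_report(g: Graph, root: str) -> List[Tuple[str, float, int]]:
    """Rows (name, single compliance, distance from root) of the sub-graph compliance
    report, ordered by single compliance (ascending; the manual does not state a direction)."""
    rows = [(n, single_compliance(g.nodes[n]), d) for n, d in distances_from(g, root).items()]
    return sorted(rows, key=lambda r: (r[1], r[0]))

def connectivity_ranking(g: Graph) -> List[Tuple[str, int, int]]:
    """Section 5.4: (name, out-degree, in-degree), nodes with most outgoing connections first."""
    rows = [(n, g.out_degree(n), g.in_degree(n)) for n in g.nodes]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))

# Constructed sample model; the control item counts are made up for this example.
SAMPLE = Graph(
    nodes={n.name: n for n in [
        Node("ADT", {"HIPAA": (9, 12)}), Node("Main Server", {"HIPAA": (6, 12), "ISO": (8, 10)}),
        Node("PC1", {"HIPAA": (3, 12)}), Node("PC2", {"HIPAA": (12, 12)}),
        Node("PC3", {"HIPAA": (6, 12)}), Node("RIS Server", {"ISO": (5, 10)})]},
    edges=[("ADT", "Main Server"), ("Main Server", "PC1"), ("Main Server", "PC2"),
           ("Main Server", "PC3"), ("Main Server", "RIS Server")])
```

Calling subgraph_report(SAMPLE, "ADT") gives the rows of the report for the ADT sub-graph, and aggregated_compliance(SAMPLE, "ADT") the total value shown on the speedometer-like figure.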
ectly and indirectly preceding nodes. All other nodes and edges are hidden.
Show Neighbors: Requires one selected node; shows all its directly connected nodes. All other nodes and edges are hidden.
Information System Summary Report: Invokes a report presenting the static structure of the entire health information system. Proportions of nodes and edges by type and ownership, as well as a list of nodes counting their selected attributes, are provided.
Information Security Configuration Report: Brings up a static report of the security-relevant attributes of all the nodes and edges. Lists policy compliance per node type, authentication, authorization and recovery methods. Lists the attributes by node type.
Sub Graph Compliance Report: Requires one node to be selected. Calculates compliance values for all its succeeding nodes, including an accumulated value that represents the total compliance value of the selected sub-graph.
User manual: Brings up this user manual in a separate dialog window. Requires a PDF reader application to be installed to work properly.
Table 3.1: Tool bar items and their function

Some actions can also be found in the menu bar. Operation modes, however, can only be selected on the tool bar. The menu bar can be detached from the window by dragging.

3.2 Modeling Pane
To display an abstract management view of the entire health information system, SCMA features three node types and four edge types. Each node represents either an information, application or system element. Edges one-directionally connect tw
Node Properties
  Name: Node name that is displayed by default on the modeling pane
  Owner: Associated owner who is responsible for the node
  Group: Assignable arbitrary label to allow operations on a subset of nodes
  Unit: Units reading and writing information nodes
  Function: Functions producing and consuming information
  Data: Data fields/elements belonging to the element
  Role: User role implemented in the application
  System: Application/system type
  Vendor: Vendor of the application or system
  Version: Version/product name of the application or system
  Location: Physical location of the system
  OS: Operating system of the computing device
  IP: IP address of the computing device
  Net: Subnet/network of the computing device
Table 3.3: Node properties

Where it makes sense, an attribute has an option list which allows the user to select one or multiple values. The option lists are customizable and can be adjusted to the system environment.

Security properties work in the same way as node properties. They are used for the security analysis of the health information system. The following security properties can be specified for each node type.

Security Properties
  Target: The security target consists of assigned values for confidentiality, integrity, availability and accountability. Each attribute can assume none, low, medium or high as a value.
  Policy: Predefined
  Authentication
  Authorization
  Auditing
  Recovery
  Software
es all have a one-to-one cardinality and can be assigned using an edge's context menu.

Edge Properties
  Name: Edge name which can be displayed on the modeling pane
  PHI: Boolean value which indicates that protected health information is transmitted via this edge
  PII: Boolean value which indicates that personally identifiable information is transmitted
  Protocol: Protocol that is used to transmit the data
  Encryption: Boolean value which indicates whether the transmitted data is encrypted
Table 3.6: Edge properties

3.3 Property Dialog
Each element type has its own property dialog showing its specific attributes only. The dialogs are organized in the same manner: they contain three tabbed panes that can be switched by pressing a tab. Each tab contains several attribute fields as described in 3.2.1 and 3.2.2. Modifications on all three panes are committed or canceled simultaneously by pressing the corresponding button. Below, the different attribute field types are explained in more detail.

[Figure 4 residue: Information Element Property Dialog with the tabs Properties, Security and Compliance; Type: domain_node; Name: ADT (Text Field); Value List with the options Administrative Department, Administrative Enterprise, Administrative Functional, External, Financial Accounting, Registration and Patient Information; Pop-up Field]
Figure 4: Information element pr
low between systems, applications and information, or indicating mapping relationships. The model is intended to provide a simplified management-level perspective, not an accurate technical view. The application is an academic prototype which focuses especially on including the connectedness of nodes in an assessment of security compliance. In contemporary compliance assessments these connections are often neglected. However, in particular in a fragmented environment that requires a certain subset of information to comply with regulation, the relatedness of nodes is considered important. The software at hand is a proof of concept thereof. Although attributes of nodes have to be entered manually and picked from customizable option lists, in a production-grade application these attributes would be imported directly from existing software agents, as available from many system monitoring tool vendors, or selected from corporate data repositories and directories. Such interfaces can be implemented easily but are outside the scope of this work.

2 Installation
SCMA is written in Java and can be run platform-independently. For Windows users the application is packaged in a standard Windows installer file which does not require any additional software or JRE to be installed. It can be downloaded and run from http://www.luethi.net/download/scma/scma-installer.exe. Setup is simple and is started by double-clicking scma-installer.exe. The entire
[Figure 17 residue, continued: Recovery Plan Gold; <5hrs, <3hrs, <1hr, <1dy; Information, Applications, Systems; Print Report and Save Report buttons]
Figure 17: Information Security Configuration Report

The Authentication Method Bar Diagram and the Authorization Method Bar Diagram are grouped by attribute. The bar colors for information, application and system elements correspond to the colors found in the Summary Table. The first group includes bars for the total of all three node types. Accordingly, the second group has bars for all types with no such methods assigned. Each attribute value has its own group with three bars, one for each node type.

5.3 Sub Graph Compliance Report
This report type requires one specific node to be selected. Unlike the static reports described above, it calculates values that incorporate the properties of the graph, specifically the weight of its edges, the nodes' degree and their distance from the root node. The following figure illustrates a simple graph which shows the weight for each edge and the in and out degree of each node, separated by a forward slash. For example, the server node on the left has an in-degree of 1 (it has one incoming edge from the information node above) and an out-degree of 4 (three outgoing connections to client nodes and one outgoing connection to the server node on the right). Therefore all its outgoing edges obtain a weight of 0.25 (1 di
4 View and Tools 12
4.1 Nodes 12
4.1.1 Selection 12
4.1.2 Tool Tip 13
4.1.3 Status 13
4.2 Filters 14
4.3 Labels 14
4.4 Apply Policies to Groups 15
5 Reports 15
5.1 Information System Summary 16
5.2 Information Security Configuration 16
5.3 Sub Graph Compliance Report 18
5.4 Connectivity Distribution Report 19
6 Known Issues 20
7 Planned Features 20

1 Introduction
Security Compliance Manager (SCMA) is a graphical proof of concept modeling application prototype that supports information security management activities in health care organizations. It provides easy drag and drop modeling capabilities for heterogeneous and distributed information system architectures. Additionally, their security compliance can be analyzed against various predefined and custom security policies. The model consists of nodes, e.g. symbolizing information, application and system elements, and edges that connect the nodes, e.g. symbolizing data f
o nodes together and represent information, application or system flows or mapping relationships. Further, each node or edge can have a defined number of attributes which can be selected from an option list or added freely.

[Figure 3 residue: Security Compliance Manager v0.4.6 window with the Element Context Menu (Show Successors, Show Predecessors, Show Neighbors, Delete Vertex, Properties); status bar: Name HIS, Type Application Element, Group Application Node]
Figure 3: Element context menu

The attributes further determine how the elements are treated during the analysis process. Node and edge attributes can be attached by bringing up an element's context menu. This can be achieved in two ways. First, in editing mode a node can be selected by pressing the left mouse button, and the property dialog opens directly. Second, in picking mode an element has to be selected, and the right mouse button makes the context menu appear. When Properties is selected, the property dialog appears.

3.2.1 Nodes
The three different node types are listed in the table below. The type a node is associated with is determined at creation time and cannot be changed; it depends on the mous
olicies. Moreover, new files need to be indexed in index.xml. The following policy files are available out of the box:

data/policies
  hipaa.xml: HIPAA Security Standard
  iso.xml: ISO 17799 (2005)
  nist.xml: NIST FISMA
  vdsg.xml: Verordnung Datenschutzgesetz
Table 2.2: Pre-defined policy files

For a quick introduction to the capabilities of the application, a sample data file is installed and can be loaded from the following location:

samples
  simple-example.xml: Example data file with several pre-defined nodes and edges. It can be loaded and modified in order to get an overview of the application's capabilities.
Table 2.3: Sample file

The application can be run from the command line. However, it requires a correctly set up Sun JRE 1.5; the JAVA_HOME variable may need to be set. SCMA has been tested on Linux (Fedora and SUSE), Solaris and Mac OS X. It can be downloaded at http://www.luethi.net/download/scma/scma.tar.gz. The file can be extracted and run with the following or similar commands:

gzip -d scma.tar.gz
tar xof scma.tar
java -jar scma.jar

3 Modeling
SCMA features several standard application components. The menu bar provides the ability to navigate through all the functions of the application. The tool bar, which is separated into groups, provides shortcuts to often-used features and capabilities. The modeling pane i
operty dialog

3.3.1 Text Field
A text field is a one-line text area which can hold a string of variable length. It does not provide any optional choices or remember any entered values. It is primarily used for naming nodes, products etc. Each element can only hold one value per attribute (1:1).
Figure 5: Text field (Name: ADT)

3.3.2 Checkbox Field
The checkbox field contains a Boolean value which indicates whether a condition or statement is true or false, i.e. yes or no, for a specific element attribute.
Figure 6: Checkbox field (Encryption)

3.3.3 Pop-up Field
Pop-up fields, or combo boxes, allow the selection of exactly one value out of a predefined but customizable list. The option list is kept in a separate XML file and is therefore remembered for other nodes or models. If the corresponding choice for an attribute value cannot be found in the list, the cursor can be set onto the text area and the value can be entered by keyboard. It is immediately added as an option to the list and will appear in the list the next time. Each element can only hold one value per attribute (1:1).
Figure 7: Pop-up field (Campus Emergency, Campus Radiology, Campus Registration, Data Center 1, Data Center 2, Data Center 3, External)

3.3.4 Slider Field
The slider field allows the selection of a numerical value out of a predefined range. This field type is currently used for the
ps are selected in the right list. Multiple policies and groups can be selected by holding down the shift key; in that case the operation is performed using a logical OR. Pressing the Apply or Remove button performs the operation.

[Figure 15 residue: Apply Policies To Groups dialog; policies HIPAA Security Standard, ISO 17799-2 v2005, NIST FISMA, Verordnung DSG 1994; groups Administrative Department, Administrative Enterprise, Administrative Functional, Administrative Services, Ancillary Services, Application Node, Communication Department, Communication Enterprise]
Figure 15: Apply policies to groups dialog

5 Reports
Reporting is a key component of the application. Generally there are two different types of reports: first, static reports that indicate the status of the entire system and do not require the selection of any specific node; second, reports that are intended to provide information regarding one specific node, including relevant data of its connected successor nodes. Naturally, such reports require the selection of an element before running the analysis. Reports can be printed or saved as a PDF file by using the corresponding buttons at the bottom of each report dialog. A report can be longer than its dialog window, which results in a scroll bar on the right side of the window. Likewise, summary tables may get their own scroll bars.

5.1 Information System Summary
This is a straightforward st
re indicates the calculated total compliance for the selected node.

5.4 Connectivity Distribution Report

This report presents a list of all nodes ranked by their degrees. It is assumed that nodes with many outgoing connections are more important in a graph than nodes with few connections. Therefore, information security activities should focus in particular on nodes with many outgoing connections, since their importance is high and their failure has the most consequences for the entire system.

Figure 19: Connectivity distribution report (table of nodes with owner and degree columns)

6 Known Issues

- Changing the application window size can occasionally offset the model relative to the background line when zooming and panning. Pressing the Resize button readjusts the model to the new application window size.
- Zooming and panning positions are not stored in the model and have to be adjusted each time a model is loaded.
- Printing reports does not adjust the graphics to the correct paper size.
- Saving reports currently does not work.
- Constraints of the graph during modeling are not enforced.

Planned F
s the graphical view where the drag-and-drop modeling occurs; it is separated by two pane separators, which are explained below. The status bar provides the user with feedback about actions such as the selection of elements in the pane.

Figure 2: Security Compliance Manager application window (labels: Menu Bar with File, Edit, View, Tools, Analysis, Help; Tool Bar; Pane Separator; Modeling Pane; Pane Separator; Status Bar)

The modeling activity can be started on an empty modeling pane or on a previously created model. A model can be loaded by using the Open icon on the tool bar or via the menu bar using File > Open. By default the file dialog starts in the sample directory.

3.1 Tool Bar

The tool bar allows the user to select certain modes of operation or to invoke one-time actions. It changes the behavior of the mouse in the modeling pane, changes its view, or brings up a dialog. The following table summarizes the actions and comments on their use.

- Drops the current model and resets the modeling pane.
- Opens a file dialog to retrieve a model file.
- Stores the current model; prompts for a file name if it is a new file.
- Further tool bar actions (descriptions not recovered): Editing, Picking, Panning, Zoom In, Zoom Out, Resize View, Find Nodes, Find Edges, Reset, Filters, Selections, Reports.
security policy applicable to the node
Used authentication controls
Used authorization controls
Applied auditing controls
Associated recovery plans
Security software such as AV, patch mgmt, etc.

Table 3.4: Security properties

Although the attributes cannot be changed during runtime, the application has been written to allow easy addition of more attributes. However, this requires access to the source code and recompilation.

3.2.2 Edges

Several types of edges are supported, primarily determined by the nodes they connect. Generally, they can be differentiated into flow and mapping edges. Flow edges can be of three different types, as listed in the table below. Mapping relations connect two different kinds of nodes and indicate how the node of the upper layer is implemented.

Information Flow: A connection between two information nodes symbolizing the flow of information without making any assumption about its implementation.
Application Flow: A data flow between two applications, determining the protocol by which the data flow is realized on the application layer.
System Flow: A connection between two system nodes indicating how the data flow is actually implemented on the system layer.
Mapping: A mapping relation that shows which lower-layer elements are actually used by nodes above in the information system.

Table 3.5: Edge types

Corresponding to nodes, edges can assume attributes. The following edge attribut
divided by the out-degree of the parent node.

Figure 18: Graph properties

The analysis algorithm generally performs two steps. First, the compliance factor for each node is calculated independently of its neighbor nodes. Currently it is derived from the number of compliant control items compared against the total number of applied controls; however, this value could be obtained differently, for instance by involving attribute values. Second, the weight of each node in the selected sub-graph is calculated depending on the chosen analysis mode and multiplied with the compliance factor. The sum of all these values results in the total compliance factor for the selected node.

Analysis modes:

Lowest Value: The selected node obtains the lowest compliance value of all its successor nodes in the sub-graph. Naturally, this mode provides a very low compliance value, which can be labeled as pessimistic.
Evenly weighted: Each node receives the same weight, independently of its position in the sub-graph.
Degree weighting: The node weights are calculated by normalizing their degrees. The more connected a node is, the higher its weight.
Distance weighting: The weight of a node decreases with its distance from the selected root node.
(mode name not recovered): The weight of a node decreases with its distance from the selected node but is determined recursively, starting with the child nodes first. This is an experimental mo
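As an added example (not SCMA's own code), a small Python re-implementation of the two-step analysis above on a constructed sub-graph, covering the four documented modes. The manual does not state how weights are normalized, which degree is meant, or how the distance decay is shaped; this example assumes weights normalized to sum to 1, out-degree, a 1/(1+distance) decay, and a fallback to even weights when the sub-graph has no edges.

```python
# Added example, not SCMA's own code: the two-step compliance analysis on a
# constructed sub-graph.  Assumptions not stated in the manual: weights sum
# to 1, "degree" is out-degree, distance weights decay as 1/(1+distance).
from collections import deque

# Constructed sample: node -> (applied controls, compliant control items)
CONTROLS = {"HIS": (10, 8), "RIS": (4, 4), "DB": (8, 2), "PC1": (5, 5)}
# Constructed sample: directed flow/mapping edges, node -> successor nodes
EDGES = {"HIS": ["RIS", "DB"], "RIS": ["DB", "PC1"], "DB": [], "PC1": []}

def compliance_factor(node):
    """Step 1: compliant control items divided by applied controls."""
    applied, compliant = CONTROLS[node]
    return compliant / applied if applied else 0.0  # assumption: no controls -> 0

def sub_graph(root):
    """Successor sub-graph of root as {node: distance from root} via BFS."""
    dist = {root: 0}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for succ in EDGES.get(node, []):
            if succ not in dist:
                dist[succ] = dist[node] + 1
                queue.append(succ)
    return dist

def total_compliance(root, mode):
    """Step 2: weight each node by mode, multiply by its factor, sum up."""
    dist = sub_graph(root)
    if mode == "lowest":        # pessimistic: minimum over the whole sub-graph
        return min(compliance_factor(n) for n in dist)
    if mode == "even":          # same weight regardless of position
        raw = {n: 1.0 for n in dist}
    elif mode == "degree":      # out-degree, normalized below (assumption)
        raw = {n: float(len(EDGES.get(n, []))) for n in dist}
    elif mode == "distance":    # decays with distance from root (assumption)
        raw = {n: 1.0 / (1 + d) for n, d in dist.items()}
    else:
        raise ValueError(f"unknown analysis mode: {mode}")
    norm = sum(raw.values())
    if norm == 0:               # edge-less sub-graph: fall back to even weights
        raw, norm = {n: 1.0 for n in dist}, float(len(dist))
    return sum(raw[n] / norm * compliance_factor(n) for n in dist)

if __name__ == "__main__":
    for mode in ("lowest", "even", "degree", "distance"):
        print(f"{mode:>8}: {total_compliance('HIS', mode):.3f}")
```

Running it on the sample shows how the same sub-graph scores 0.25 under the pessimistic mode but 0.9 under degree weighting, where the leaf nodes (including the poorly compliant DB) receive no weight at all.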