Securing the Smart Grid Decision Zone
A business process or business method is a collec+on of related, structured ac+vi+es or tasks (events) that produce a specific service or product (serve a par+cular goal) for a par+cular customer or customers. Business processes comprise a set of sequen+al sub-‐processes or tasks, with alterna+ve paths depending on certain condi+ons as applicable, performed to achieve a given objec+ve or produce given outputs. Each process has one or more needed inputs. The inputs and outputs may be received from, or sent to other business processes, other organiza+onal units, or internal or external stakeholders. Business processes are designed to be operated by one or more business func+onal units, and emphasize the importance of the “process chain” rather than the individual units. In general, the various tasks of a business process can be performed in one of two ways – 1) manually and 2) by means of business data processing systems such as ERP or BPM systems. Typically, some process tasks will be manual, while some will be computer-‐based, and these tasks may be sequenced in many ways. In other words, the data and informa+on that are being handled through the process may pass through manual or computer tasks in any given order. It is for this reason, that tasks or sub-‐processes (events) must be audited to ensure that objec+ves will be met.
1
. Business Process Audit System Simply, a business process audit system uses the documented business process or method to check if the input event causa+on history conforms, prior to an input event, triggering downstream systems. If the input events go unchecked or unaudited, events arising from external or internal cyber intruders or fraudsters will cause downstream systems to trigger, thereby compromising the business. Addi+onally, unchecked or unaudited input events can cause opera+ons risk, privacy and compliance issues. The business process audit system prevents against the misuse of company’s systems by blocking input anomalous event or events that can trigger systems. The business process audit system checking mechanism is flawless, where the events not following the documented business process or method are blocked and flagged. As explained in the introduc+on, the business process or method are used to define the sequence of events and their condi+ons to carry out ac+vi+es and tasks to achieve end objec+ves. By u+lizing the documented business process or method, the business process audit system checking mechanism no longer requires pre-‐defined misuse event paSerns or data rules.
2
Each event from external systems is checked against the process defini+on to ensure the audited input event causa+on history is in compliance, prior to triggering downstream systems. Decision-‐Zone has obtained a patent for methods and systems that can generically secure the enterprise infrastructure systems from both inside and outside threats (ac+vi+es or events) by audi+ng each input event or ac+vity using the process maps defined by the business. Those ac+vi+es not in compliance with the process map; including cyber intruder ac+vi+es, fraud ac+vi+es or opera+ons error ac+vi+es will be blocked and command and control no+fied. The business process audit system and methodology has been patented by Decision-‐ Zone (US 7908160). The end user experience is simple and intui+ve, powered by so]ware technology that can audit business process graphs directly to detect input events for non-‐conformance. The business process audit system enables organiza+ons to achieve live informa+on management capability for protec+ng, controlling, op+mizing, improving and re-‐ designing their business processes for maximizing customer experience and shareholder value. With non-‐live informa+on management system; the ability to perform these tasks is complex and at best predic+ve requiring countless systems and resources. 3
The chart below was prepared by IBM FISCD LABS compares live informa+on management system (Decision-‐Zone porcolio) with a non-‐live informa+on management system (IBM-‐SWG Porcolio). The IBM products are more suited for system device level security not Total Smart Grid Level Security.
4
Current IPS & IDS Solu+ons u+lize Systems Data for Only Device Level security not the total grid level security!
5
1
. Business Process Audit System Simply, a business process audit system uses the documented business process or method to check if the input event causa+on history conforms, prior to an input event, triggering downstream systems. If the input events go unchecked or unaudited, events arising from external or internal cyber intruders or fraudsters will cause downstream systems to trigger, thereby compromising the business. Addi+onally, unchecked or unaudited input events can cause opera+ons risk, privacy and compliance issues. The business process audit system prevents against the misuse of company’s systems by blocking input anomalous event or events that can trigger systems. The business process audit system checking mechanism is flawless, where the events not following the documented business process or method are blocked and flagged. As explained in the introduc+on, the business process or method are used to define the sequence of events and their condi+ons to carry out ac+vi+es and tasks to achieve end objec+ves. By u+lizing the documented business process or method, the business process audit system checking mechanism no longer requires pre-‐defined misuse event paSerns or data rules.
2
Each event from external systems is checked against the process defini+on to ensure the audited input event causa+on history is in compliance, prior to triggering downstream systems. Decision-‐Zone has obtained a patent for methods and systems that can generically secure the enterprise infrastructure systems from both inside and outside threats (ac+vi+es or events) by audi+ng each input event or ac+vity using the process maps defined by the business. Those ac+vi+es not in compliance with the process map; including cyber intruder ac+vi+es, fraud ac+vi+es or opera+ons error ac+vi+es will be blocked and command and control no+fied. The business process audit system and methodology has been patented by Decision-‐ Zone (US 7908160). The end user experience is simple and intui+ve, powered by so]ware technology that can audit business process graphs directly to detect input events for non-‐conformance. The business process audit system enables organiza+ons to achieve live informa+on management capability for protec+ng, controlling, op+mizing, improving and re-‐ designing their business processes for maximizing customer experience and shareholder value. With non-‐live informa+on management system; the ability to perform these tasks is complex and at best predic+ve requiring countless systems and resources. 3
The chart below was prepared by IBM FISCD LABS compares live informa+on management system (Decision-‐Zone porcolio) with a non-‐live informa+on management system (IBM-‐SWG Porcolio). The IBM products are more suited for system device level security not Total Smart Grid Level Security.
4
Current IPS & IDS Solu+ons u+lize Systems Data for Only Device Level security not the total grid level security!
5
