Yellow Emperor Internal Canon (YEIC) is part of a series of Chinese Wisdom as a Service (CWaaS). It is capable of dispensing wisdom to meet the reader’s need if that person has the necessary awareness.
This presentation is an obsequious attempt to apply YEIC to Information Security.
Yellow Emperor Internal Canon on Information Security - part 1
1. Yellow Emperor's Internal Canon on Information Security, Part 1 of 2
“To fight a disease after it has occurred is like trying to dig a well
when one is thirsty or forging a weapon once a war has begun.”
2. Topics
Introduction
Human (Part 1 of 2)
Heaven (Part 1 of 2)
Earth (Part 2 of 2)
TCM – Traditional Chinese Medicine / Trusted Computing
Management (Part 2 of 2)
Conclusion
4. Who
Yellow Emperor – the first of the Chinese Three Sovereigns and Five Emperors.
He is renowned for being the originator of the centralized state, a cosmic
ruler and a patron of esoteric arts. Traditionally, he reigned around 2697 –
2597 BC.
Qibo – the mythical doctor with enlightened knowledge of traditional
Chinese medicine. When the Yellow Emperor first sought his help in ruling the
country, Qibo was not interested. But when the Yellow Emperor asked
how to live a long and healthy life, Qibo became interested.
Yellow Emperor’s Internal Canon is a series of conversations between
the Yellow Emperor and Qibo on how to have a long and healthy life.
5. What
Yellow Emperor’s Internal Canon (YEIC) is considered to be the
fundamental source on Chinese Traditional Medicine (CTM).
YEIC is based on the Daoist view of
nature’s five elements (earth, metal, water, wood, fire)
yin and yang (reactive, proactive force)
qi (breath)
the effect of both heaven and earth on a person’s health
focused more on preventing than reacting to illness.
6. When & Where
Though the Yellow Emperor is traditionally said to have reigned from
2697 – 2597 BC, the earliest YEIC text is believed to date from
around 200 BC, according to Joseph Needham and Lu Gwei-Djen.
Location: China
7. Why
YEIC is part of a series of Chinese Wisdom as a Service
(CWaaS). It is capable of dispensing wisdom to meet the
reader’s need if that person has the necessary awareness.
This presentation is an obsequious attempt to apply YEIC to
Information Security.
Part 1 focuses on the Human and Heaven portions of YEIC
and how they apply to information security.
Part 2 focuses on the Earth and the TCM portions of YEIC and
how they apply to information security.
8. Human
Embodiment of Heaven and Earth, whose outward appearance marks the flow of
time and whose innards are fixed like the cardinal points
9. Common Theme : Lifecycle
Like a person, both a company and an information security asset have a life
cycle.
Human    | Corporation       | Asset
Birth    | Docker, Illumino  | Classify Asset Right
Maturing | Microsoft, Google | Monitoring, Right Management, Logic Control
Illness  | Yahoo, IBM        | Loss of availability, confidentiality, and/or integrity
Death    | Compaq, Netscape  | Destruction of Asset
10. The Five Viscera
Modern Western Medicine (MWM) began with the study of visible human
organs, followed by further in-depth study of their structure and function. Their
relationships with other organs and body systems are not important.
Traditional Chinese Medicine (TCM) began with the theme: all things grow and
change.
From the text: the four seasons and yin yang are the root of all things.
The changes of yin yang and the four seasons mean that all things grow, age, and die. The
TCM concept of the internal organs means that all organs influence each other, so that
the body constitutes an integral, interactive system.
This concept is equally applicable to a business organization and to information security.
The Five Viscera exist not just within the human body, but also in the corporation
and the information system.
11. Fire Element: swelling, flowering, brimming with energy
Heart, the position of kings,
is where deities reside.
The heart belongs to the fire element. The heart is
like the shining sun, keeping all the body's
organs functioning. When the heart stops
working, the person dies.
The heart is the Chairman, commanding all
officials to coordinate with each other through a
division of labor, so that the company
constitutes an indivisible whole.
The heart is the CISO (chief information
security officer), commanding all other ISOs
to coordinate with each other through a division of
labor, so that information security
constitutes an indivisible whole.
心者，君主之官，神明出焉。
12. Earth Element: leveling and dampening (moderation) and fruition
Spleen, the treasury officer,
dispenses five flavors.
The spleen is the earth element, where all things
grow. All living things depend on what
grows out of the land. People depend on the
spleen to digest food and to transfer energy
to the entire body.
The spleen is the Treasurer, where resources are
kept. A company with lots of resources has
lots of potential; a company with scant
resources has to struggle to get by.
The spleen is InfoSec’s asset management,
without which sensitive assets will be made
available to hostile forces.
脾者，倉廩之官，五味出焉。
13. Metal Element: harvesting and collecting
Lung, the Prime Minister, dispenses
governance and regulation.
The lung is the metal element: it collects and
harvests oxygen from the air and dispenses it
into the bloodstream. The lung is the only viscus that
can be voluntarily controlled. Yet it can affect how
the kidney, liver, heart and spleen behave.
The lung is the CEO, whose actions affect how other
departments behave. The CEO leads the rest of
management towards the common goal set by
the chairman.
The lung is the ISO who secures the network system.
Incoming and outgoing data are carefully
regulated. Data flow can be shut off temporarily to
mitigate risk.
肺者，相傅之官，治節出焉。
14. Water Element: where stillness and storage pervade
Kidney, the engineering official,
dispenses crafts.
The kidney is the water element, which is the
source of life. It possesses the innate essence
and the acquired essence that can
transform human tissue into organs or
spark another life.
The kidney is the R&D manager who makes
things happen. He harnesses creative
genius with modern technology to come
up with new innovations.
The kidney is the ISO whose creativity combines
the business and the security needs into a
security policy that does not hinder but
enhances the company’s
competitive advantage.
腎者，作強之官，技巧出焉。
15. Wood Element: which generates abundance and vitality
Liver, the General, dispenses
strategies and tactics.
The liver is the wood element, which promotes
growth and immunization. It attempts to
neutralize hostile elements before they can
further damage other viscera. Unfortunately,
because it is constantly defending the body against
external threats, it suffers the most and is one of
the earliest organs to decline.
The liver is the chief risk management officer, who
enables effective command and control of
significant risks, and related opportunities, to a
business and its various segments.
The liver is the ISO who specializes in Incident
Response. Whenever there is an information
system crisis, the ISO has to coordinate
everyone to get the system back online, find
the root cause, and provide
recommendations to prevent the disaster from
happening again.
肝者，將軍之官，謀慮出焉。
16. Yin & Yang in Organization/Entity
Yin
Passive, reactive, feminine force
Body: front, interior organ, body,
blood, below waist
Corporation: employees, finance,
products, buildings
Information Security: asset
management, incident response,
network system
Yang
Active, initiating, masculine force
Body: back, exterior skin/muscle,
head, qi, above waist
Corporation: management,
marketing, service, people
Information Security: access
management, risk management, data
stream
17. Qi in Entity/Organization/Information Security
Qi is the flow of energy.
In the human body, qi travels along the
meridian system.
In organization, qi is the financial
flow that keeps it alive. No
department can survive without
inflow of finance.
In Information Security, qi is the
information that travels along the
network system.
Acupuncture Pressure Points Chart from
http://lam24.wordpress.com/2009/10/07/acupuncture/
18. Examples of Qi in Organization & Information Security
Logical Network Map from
http://www.umass.edu/i2/
Network Security Architecture Design from
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/safek12.html
20. Introduction to Heaven
Heaven is the symbol of nature in motion. It represents
cycles of change, the movement of time, and the flutter of activity.
It also embodies the state that we find ourselves in in a given
situation.
Birth, Enlivening, Spring
Maturing, Ascending, Summer
Aging, Descending, Autumn
Death, Retiring, Winter
21. Spring
heaven and earth give birth,
enabling all living things to thrive
This spring air reflects the way of
maintaining good health
In nature, Spring represents the birth of all
living things.
In business, Spring represents the birth of
new products and business units, and
employees joining the enterprise.
In security, Spring represents the birth of
new employee access
the certification cycle
malware in a host machine
天地俱生，萬物以榮…此春氣之應養生之道也
22. Summer
heaven and earth interact,
all living things bloom
This summer air reflects the way of
maintaining longevity.
In nature, Summer represents all living things
at their prime.
In business, Summer represents
new products, business units, and
employees reaching their full potential.
In security, Summer represents the peak, such
as
employees gain more responsibility, and more
access is granted
the certification cycle reaches greater acceptance
malware infects the largest number of
machines
天地氣交，萬物華實…此夏氣之應養長之道也
23. Autumn
the heavenly chi hurried,
the earthly chi brightened
This autumn air represents the Way of
Harvesting.
In nature, Autumn represents all living things
past their prime.
In business, Autumn represents the decline
of products, business units, and employees'
potential. At this stage, resources are milked
for all they are worth.
In security, Autumn represents gradual
decline:
employees' roles have been redefined and they may
not need certain access
the certification cycle moves toward closing
as some business needs are not met.
malware infection has been contained and
reduced.
天氣以急，地氣以明…此秋氣之應養收之道也
24. Winter
Water froze and earth cracked,
undisturbed by the sun
This winter air represents the Way of
Hoarding.
In nature, Winter represents the death of all
living things.
In business, Winter represents the closing of
product lines, business units, and employees'
positions. At this stage, resources are
conserved.
In security, Winter represents the end of
employees' access, which is closed
the certification cycle
malware infection
水冰地坼，無擾乎陽…此冬氣之應養藏之道也
25. Yin and Yang in Heaven
Yang energy brings warmth
in Winter & Spring but
excessive heat in Summer &
Fall.
Yin energy brings relief in
Summer & Fall but
excessive frigidity in Winter
& Spring.
In Business:
Yang energy proactively starts
the company by finding a need.
Yin energy reactively starts the
company by fulfilling a need.
In Security:
Yang energy champions the
need for security awareness.
Yin energy follows the
requirement for security
awareness.
26. Qi in Nature
In Heaven, the most
obvious sign of qi is the
movement of wind.
Scientifically, wind is
caused by differences in
atmospheric pressure.
Philosophically, wind is
caused by the combination of
Yin and Yang.
In Business, qi is the healthy
mix of Yin (inflow of revenue) and
Yang (outflow of products &
services).
In InfoSec, qi is the healthy
mix of Yin (technology) and Yang
(InfoSec Pro).
27. In Closing - Heaven
Even though we designate three months of the year to each
season, in reality the seasons are not constant: certain seasons
feel long and others feel short.
Likewise, all things experience four different states, but not all
states have the same duration.
A business unit takes a long time to get started
A product line has short periods of birth and discontinuation, but
long periods of growth and decline
A certification can be scheduled so that the closing of one cycle
coincides with the start of another.
29. Summary
Yellow Emperor Internal Canon (YEIC) is a Chinese Wisdom as a Service
(CWaaS). It is capable of dispensing wisdom to meet the reader’s need if
that person has the necessary awareness.
Historically, people have used it as is, to treat the illnesses of their patients.
Others have used it as a guide to treat the illness of a dynasty.
In modern times, could it serve other functions:
Treating the illness of a business entity?
Treating the illness of an information security network?
30. Summary
Modern Western Medicine (MWM) treats an individual organ as is,
without paying attention to other organs.
Traditional Chinese Medicine (TCM) began with the theme: all organs
influence each other, so that the body constitutes an integral,
interactive system.
The root cause of a failed business component does not necessarily reside
within that business component.
Likewise, the failure of an information security system is not necessarily
caused by that system.
31. Summary
Heaven represents movement through four phases:
All living things experience birth, growth, decline, and death
All non-living things experience forming, accumulating, decaying, and
dispersing
All social organizations experience transforming, performing,
reforming, and adjourning
All technologies experience creating, thriving, maturing, and effacing
32. Summary
This PowerPoint presentation is the first of two parts that focus on how
an ancient Chinese Wisdom as a Service can be applied in modern times in
the form of analyzing a corporation and an information security system.
This presentation focuses only on the Human and the Heaven aspects of
Yellow Emperor Internal Canon.
The next presentation will focus on the Earth and the Traditional Chinese
Medicine treatment of Yellow Emperor Internal Canon.