System Security

John Zachman’s use of the basic interrogatives to define a system lends itself to alternative analysis. One of these cases is system security. When it comes to security there are only four acts you can commit: Select, Insert, Update and Delete. However, you can commit these acts for each of the Zachman Framework Focuses: Data, Network, Motive, Process, People, Time and each of the Zachman Perspectives: Conceptual, Contextual, Logical, Physical, Mechanical, Instantial. What you have as a product is not just a security table, but a security cube. Below is an example of a security table defining 24 possible violations:

systemsecurity.jpg

A security cube would define 4 x 6 x 6 = 264 possible violations. It should be added that violations do not always work in isolation. For example spyware is a procedural insert and data selection. How many cells in the security cube would be affected if a plane crashed into one of your facilities?

It is also important to note that preventing snooping (or sniffing) is often an effective way to prevent the other three manipulation operations.  What they can’t see can’t hurt you.