Directions in programming and security of information for the data scientist

Quotes

Python is a good programming language choice for data scientists to learn. According to Bansal and Srivastava (2018), “This language can support different styles of programming including structural and object-oriented. Other styles can be used, too. Coding and debugging is (sic) easy to do in python, mainly because of ‘nice’ syntax.” (p.16). In addition to its advantages in flexible programming, python has other features that make it a good choice. “Tools like Python and SPSS are free of cost and their data handling capabilities are also quite good.

However, career in SPSS that is less impressive. It offers very few jobs and salary is not much.” (Bansal & Srivastava, 2018, p.17). The flexible programming capabilities, the cost, and the demand for python programmers as shown by number of jobs and salary make python a great choice for data scientists.

Paraphrase

Protection of the confidentiality, integrity, and access to sensitive information such as credit card and other financial information, are vital to cyber security. The three components that comprise the cyber defense triad; mandatory access control (MAC), limiting subversion, and verifiability are not sufficient, but are necessary for securing information. Incorporation of the elements of the cyber defense triad into an operating system (OS) is critical for a secure cyber system as an operating system that does not include these elements is a non-trustworthy operating system and thus not scientifically possible of securing information. One way to provide such security to an OS is to include a “Reference Monitor” as an aspect of the OS that will allow for the building of secure cyber systems. A Reference Monitor can address the cyber defense triad in that it enforces security policy on all references to information. It also limits subversion by being tamper-proof, and it provides an audit trail for verifiability. One way to implement the Reference Monitor is by a security kernel. This implementation can then evaluate all requested access to information by a user or a program (client) as to whether that client has authorized access to that information based on a reference check of the client’s clearance against the authorization access label of the information desired Only allowing access to those who match (Schell, 2016).

Summary

Security of sensitive data will never be efficient until system architectures are designed with security firmly integrated to create a trustworthy system. A trustworthy system would include three critical properties: protection against subversion, mandatory access control (MAC), and is verifiable. Current approaches to operating system design and management involve nearly endless patching of the system following the discovery of vulnerabilities. This reliance on monitoring and surveillance, whether intentional or not highlights the fact that systems were not designed with security as a firm requirement and that there are as yet numerous holes that can be exploited. An answer to this problem would be to integrate a security kernel into the design of an operating system. This approach has had success in the past, but have fallen out of use, although some still exists such as the Intel IA32 architecture. The Reference Monitor is one such security kernel. It would ensure increased security as it would provide for MAC policy implementation for every reference to information aiding in prevention of subversion. Such an implementation provides for the integrity and confidentiality of information. As the security kernel is an integral part of the OS and supporting hardware it is tamper-proof. As every reference for information is monitored, the security kernel provides for verifiability. It may take some-time to design and build such a security kernel, however once completed it can be implemented in a wide variety of systems providing for an economical use (Schell, 2016).