The document discusses access rights management in information systems and proposes an innovative approach. It aims to better align access policies with business objectives by linking them to organizational processes and responsibilities. The approach uses concepts from the ISO/IEC 15504 process assessment standard to define policies based on processes, outcomes, roles and responsibilities. It then proposes a multi-agent system to automate deployment of access policies across IT systems and devices in a flexible way. The approach seeks to improve on existing identity management solutions which can be rigid and difficult to integrate across organizations.
From IT service management to IT service governance: An ontological approach ... (IJECEIAES)
Some companies have achieved better performance as a result of their IT investments, while others have not, so organizations are interested in calculating the value added by their IT. A wide range of literature agrees that the best practices used by organizations promote continuous improvement in service delivery. Nevertheless, overuse of these practices can have undesirable effects and lead to unquantified investments. This paper proposes a practical tool, formally developed according to the design science research (DSR) approach, that addresses a domain relevant to both practitioners and academics by providing an IT service governance (ITSG) domain model ontology concerned with maximizing the clarity and veracity of the concepts within it. The results revealed that the proposed ontology resolves key barriers to ITSG process adoption in organizations, and that combining COBIT and ITIL practices would help organizations better manage their IT services and achieve better business-IT alignment.
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE (IJNSA Journal)
As a result of the increased dependency on obtaining information and connecting each computer together for ease of access/communication, organizations risk being attacked and losing private information through breaches or insecure business activities. To help protect organizations and their assets, companies need to develop a strong understanding of the risks imposed on their company and the security solutions designed to prevent/minimize vulnerabilities. To reduce the impact threats have on a network, organizations need to: design a defense layer system that provides multiple instances of protection to prevent unauthorized access to core information, implement a strong network hardware/intrusion prevention system, and create all-inclusive network/security policies that detail user rules and company rights. In order to enhance the overall security of a basic infrastructure, this paper will provide a detailed look into gathering the organizational requirements, designing and implementing a secure physical network layout, and selecting the standards needed to prevent unauthorized access.
Making IA Real: Planning an Information Architecture Strategy (Chiara Fox Ogan)
Presented at Internet Librarian conference in 2001. Provides an introduction to what information architecture is and how you can use the methods to develop a good website.
Enterprise Architecture and Information Security (John Macasio)
A thinking tool to ask and describe the alignment requirements of business, information, technology and security to improve and secure the management of process, data, application and infrastructure of performance.
Agent-SSSN: a strategic scanning system network based on multiagent intellige... (IJERA Editor)
This article reports the development of a strategic scanning system network prototype, called Agent-SSSN, based on a multi-agent system and an ontology, for developing business intelligence strategies. This is a cooperative approach to integrating the knowledge of experts in a business intelligence system. The approach presented in this chapter is targeted towards using ontologies. The use of ontologies in a MAS environment enables agents to share a common set of concepts about context, expert user profiles and other domain elements while interacting with each other. In this paper, we focus especially on the modeling of the multi-agent system using O-MaSE (Organization-based Multiagent Systems Engineering Methodology) and on a conceptual diagram of the ontology database.
Call for papers CONFENIS 2012 - ERP conference - Enterprise Information Systems (CONFENIS 2012)
Accepted papers will be published as full or short papers in a Lecture Notes in Business Information Processing (LNBIP) volume by Springer. At least one author of each accepted paper should register for the conference and attend to present the paper. Failure to comply with this rule means that the paper will be refused for publication in the proceedings.
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015... (360 BSI)
Information and related technology have become increasingly crucial in the sustainability, growth and management of value and risk in most enterprises. As a result, IT has moved from a support role to a central position within enterprises.
The enhanced role of IT for enterprise value creation and risk management has been accompanied by an increased emphasis on the Governance and Management of Enterprise IT (GEIT).
Enterprise stakeholders and the governing board wish to ensure that IT fulfills the goals of the enterprise. GEIT is an integral part of overall corporate governance.
GEIT addresses the definition and implementation of processes, structures and relational mechanisms within the enterprise that enable business and IT staff to execute their responsibilities in support of creating or sustaining business value.
In this course you will learn and understand how to assess and evaluate an organization’s GEIT and make sure that IT is properly aligned with the business objectives.
COBIT 5 can help enterprises create optimal value from IT by maintaining a balance between realizing benefits, optimizing risk management and leveraging resources. COBIT 5.0 addresses both business and IT functional areas and provides a governance, management and operational framework for enterprises of all sizes, whether commercial, not-for-profit or public sector.
Contact Kris at kris@360bsi.com to register.
Information System Success Framework based on Interpersonal Conflict Factors (IJECEIAES)
Information system success (ISS) has received considerable attention from researchers, as it plays an important role in improving the efficiency and productivity of an organization. Several researchers have conducted empirical studies using numerous factors (e.g. organizational, technological, and individual factors) which affect information system success. However, there are several factors related to interpersonal conflict which may also affect information system success. Interpersonal conflict is a critical dimension which can greatly influence information system success in a competitive environment such as the financial sector. Therefore, this study introduces a framework to investigate the influence of interpersonal conflict factors on information system success in the Ministry of Finance, Yemen. The study employed a quantitative method consisting of the following steps: survey design, data collection and data analysis. A sample of 130 employees of the Ministry of Finance, Yemen, was surveyed; questionnaires were used to collect data from this sample. Data analysis (reliability, validity, correlation and factor analysis) was carried out using SPSS. In addition, structural equation modelling (SEM) was used for evaluating the research model. Based on the experimental results, the findings of this study revealed that the interpersonal factors (interference, disagreement and instability) significantly and negatively (at the 0.05 level of significance) influence user satisfaction, a component of information system success.
IT Service Management (ITSM) Model for Business & IT Alignement (Rick Lemieux)
Today’s multi-faceted business world demands that Information Technology provide its services in the context of a fully integrated corporate strategic model. This transformation becomes possible when IT evolves from its technological heritage into a Business Technical Organization, or an “internal service provider.” This paper describes how the itSM Solutions reference model integrates five widely used service management domains to create a powerful model to guide IT in its journey into the business leadership circle.
The management of IT carve-out projects is very challenging due to the strict time frame, the severe contractual penalties, the huge number of stakeholders and the various as well as unique IT tasks that have to be conducted. Up to now, there is no instrument for evaluating the readiness of IT for a carve-out, nor for managing such a project. In order to address this, we develop a maturity model based on expert interviews and a literature review on success factors of IT carve-outs. The elements as well as the usage of the IT carve-out maturity model are explained. The maturity model has been evaluated theoretically based on design principles and during a case study in the financial services industry. The developed maturity model can be used by practitioners for the management of IT carve-outs and also by researchers to examine IT carve-outs in empirical research.
A manual for the separation of IT during corporate re-organizations. The document contains a good foundation for IT M&A and PMI (post-merger integration). A good read for young consultants.
Discussion 1: Recommend three countermeasures that could enhance.docx (elinoraudley582231)
Discussion 1
Recommend three countermeasures that could enhance the information security measures of an enterprise. Justify your recommendations.
1. Upon extensive review of the existing IT EBK and of what new measures needed to be taken, Homeland Security came to the conclusion that a comprehensive approach to information security including the steps of manage, design, implement, and evaluate would best serve to safeguard against future threats. Manage: calls for the oversight of security programs to come from the highest levels of the chain of command with constant focus on “ensuring its currency with changing risk and threat” (2007, p. 9). Design: calls for analyzing a program to assess what types of “procedures and processes” will best direct its successful execution. Implement: refers to how programs and policies are instituted within the company. Evaluate: this final step calls for a final critique of the new program or policy’s ability to [achieve] its purpose (2007, p. 9).
2. Homeland Security also recommended a “Competency and Functional Framework for IT Workplace Development” that placed strong emphasis on a clear chain of command and communication with clear job titles and IT employee roles being placed into a group of Executive, Functional or Corollary employees (2007, p. 17).
3. The report stressed the primary role of “the IT Security Compliance Professional is . . . overseeing, evaluating, and supporting compliance issues pertinent to the organization” (Homeland Security, 2007, p.16). Thus, the report logically concluded that IT professionals must know and be able to properly define terms such as evaluation, compliance and assessment in order to properly perform their duties (p. 14).
Propose three cybersecurity benefits that could be derived from the development of a strategic governance process. Select the benefit you find most important and explain why.
The National Computing Centre points out that there are numerous benefits to having a rigorous strategic governance process in place. Among them, increased transparency and accountability, which leads to an “improved transparency of IT costs, IT process, [and] IT portfolio” (2005, p. 6). This increased transparency and accountability also leads to an “improved understanding of overall IT costs and their input to ROI cases” which in turn often brings about “an increased return on investment/stakeholder value” (p. 6). Finally, the authors point to the fact that with increased transparency comes increased accountability, and companies avoid “unnecessary expenditures” (p. 7).
Discussion 2
Categorize the roles described by the Information Technology Security Essential Body of Knowledge (EBK), in terms of executive, functional, and corollary competencies. Select two of these roles that you believe enhance the security countermeasures of an organization the most and justify your response.
As mentioned previously, Homeland Security’s 2007 report emphasized the importance of properly .
Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra... (guest418d60a0)
The ongoing financial markets debacle and the global economic context advocate enhancing the governance of the companies and, de facto, improving the elaboration and the understanding of employees' responsibilities. Furthermore, the moral aspects of the business and the employees' commitment have appeared as becoming increasingly unavoidable to face emerging ethical challenges. These arising requirements have oriented our research toward the elaboration of an innovative responsibility model built on the concepts of obligation/accountability, right and commitment. This paper aims to present, validate and improve the responsibility model on the basis of a comparison to related concepts from the COBIT framework. In parallel to this improvement, proposals of conceptual modification of the COBIT framework are made and illustrated based on the RACI chart.
HAL Id hal-01484681httpshal.inria.frhal-01484681Sub.docx (shericehewat)
HAL Id: hal-01484681
https://hal.inria.fr/hal-01484681
Submitted on 7 Mar 2017
HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.
Distributed under a Creative Commons Attribution 4.0 International License
Enterprise Information Systems Security: A Case Study in the Banking Sector
Peggy Chaudhry, Sohail Chaudhry, Kevin Clark, Darryl Jones
To cite this version:
Peggy Chaudhry, Sohail Chaudhry, Kevin Clark, Darryl Jones. Enterprise Information Systems Security: A Case Study in the Banking Sector. Geert Poels. 6th Conference on Research and Practical Issues in Enterprise Information Systems (CONFENIS), Sep 2012, Ghent, Belgium. Springer, Lecture Notes in Business Information Processing, LNBIP-139, pp.206-214, 2013, Enterprise Information Systems of the Future. <10.1007/978-3-642-36611-6_18>. <hal-01484681>
http://creativecommons.org/licenses/by/4.0/
Enterprise Information Systems Security: A Case Study in the Banking Sector
Peggy E. Chaudhry (1), Sohail S. Chaudhry (1), Kevin D. Clark (1), and Darryl S. Jones (2)
(1) Department of Management and Operations/International Business, Villanova School of Business, Villanova University, Villanova, PA 19085 USA, {peggy.chaudhry, sohail.chaudhry, kevin.d.clark}@villanova.edu
(2) MBA Program, Villanova School of Business, Villanova University, Villanova, PA 19085, {djones21}@villanova.edu
Abstract. One important module of an Enterprise Information System (EIS) is the development and implementation of the security component of the EIS. Furthermore, this EIS Security structure needs to be monitored through the corporate governance of the firm. Based on a literature review and our previous work, we identified four key pillars of a model for EIS Security. These pillars are Security Policy (e.g., set rules for employee behavior), Security Awareness (e.g., continued education of employees), Access Control (e.g., access linked to employee job function), and Top Level Management Support (e.g., engrain information security into the company’s culture). We explore the relevance of this model using a case study approach by way of interviewing top-level information systems managers in the banking sector. We validate the model through key informant in-depth interviews and qualitative research methods.
Keywords: Enterprise information systems, security, conceptual model, banking sector, case st ...
Unit V Case Study: For this assignment, you will use the following.docx (ouldparis)
Unit V Case Study
For this assignment, you will use the following case study.
Vandaveer, V. V. (2012). Dyadic team development across cultures: A case study. Consulting Psychology Journal: Practice and Research, 64(4), 279–294. Retrieved from https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=85301202&site=ehost-live&scope=site
Given this scenario, include the following topics:
· Explain how culture can affect perceptions of team members in a group.
· Discuss strategies for working with leaders or team members who originate from a different culture than you.
· Expound on the significance of using the best type of verbiage to communicate with other members of a team in order to prove successful in task completion.
· Share the benefits of connecting with humor to build team camaraderie.
· Explain how personality traits, social factors, and styles of leadership can affect the competence and loyalty of a team member.
· Determine the different career options an employee might consider when having trouble working with a cohort or leader of a department.
Formulate your response to these questions using APA format in a minimum of a two-page paper that includes at least two outside sources. Therefore, two additional sources, in addition to the case study, are required. Please use the CSU Online Library databases to find academic journals as sources.
INFORMATYKA EKONOMICZNA BUSINESS INFORMATICS 3(37) • 2015
ISSN 1507-3858
e-ISSN 2450-0003
Radosław Wójtowicz
Uniwersytet Ekonomiczny we Wrocławiu
e-mail: [email protected]
THE IMPLEMENTATION OF THE ENTERPRISE CONTENT MANAGEMENT SYSTEMS IN A COMPANY
(Polish title: WDRAŻANIE SYSTEMÓW ZARZĄDZANIA TREŚCIĄ W PRZEDSIĘBIORSTWIE, i.e. Implementing content management systems in an enterprise)
DOI: 10.15611/ie.2015.3.08
JEL Classification: M150
Summary: Modern technological possibilities referring to business intelligence and knowledge management support in an organization comprise mainly software which supports groupware, software used for workflow management, intranets and corporate portals, tools for remote learning, data warehouses and Enterprise Content Management systems. The latter of the mentioned information technologies currently seems to be one of the most crucial structural foundations of business intelligence and knowledge management systems, which have been developing rapidly over recent years. The main objective of this paper is to present the author’s general methodology for the implementation of ECM systems in an organization, resulting from a preliminary literature review and extensive practical experience. The first part of the study concentrates on the main definitions. The next and most important part presents the details of the proposed methodology.
Keywords: Enterprise Content Management, IT-projects, document management.
Abstract (Polish, translated): Modern information technologies supporting business intelligence and knowledge management solutions comprise mainly ...
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx (mccormicknadine86)
CHAPTER-1 Discussion 1
1)
Discussion
IT value: Information Technology is used everywhere in the world. Information technology provides many services to other organizations and ends users such as by providing computer services, network services, hosting the applications and sites and other engineering applications. IT organizations price their services from their clients and customers. Many clients think that service providers are costing them more because they only know a few benefits about the services they are taking. For this service providers need to communicate and explain IT value with their customers, the benefits and features they are getting in it.
The IT value is realized when every product and service is analyzed and its benefits are used completely by the organization. This helps to make decisions about investment in new technology.
Reference:
Meyer, N. D. (2007, December 1). IT Value: What It Really Means. Retrieved from https://www.cio.com/article/2437551/it-value--what-it-really-means.html.
2)
Week 1 - Discussion Attachment
IT value is defined as capturing and understanding the business value derived from both financial and economical in information technology which consists of various components and systems. IT value consists of various category which include revenue quantity quality and cost. IT value is determined based on the organizational performance and the impact of information technology both at a higher level and medium level and organization hierarchy (John, 2003). IT value comprises of efficiency impact and competitive level impact. The IT value is understood by various means of technologies like using business intelligence and other data science technology is to understand the customer and what can be provided to create value internally as well as to any client. The organization's ethics and industrial standards will elevate the IT value of a company. IT value provides detailed information about the organization process and their correlation between the employees and their ideas and approach towards implementation and other projects.
Information technology is realized when the organization is not performing as per their industrial standards. The rectification can be made by the senior executives and other decision-makers, whether the IT value is being fulfilled internally and externally. The most important thing about IT realization is that the organization is justifying the services to the client (John, 2003).
References:
Glaser, John. (2003). Analyzing information technology value. Healthcare financial management : journal of the Healthcare Financial Management Association. 57. 98-100, 102, 104.
Lee, Byungtae & Menon, Nirup. (2000). Information Technology Value Through Different Normative Lenses.. J. of Management Information Systems. 16. 99-120. 10.1080/07421222.2000.11518267.
CHAPTER-1 Discussion 2
3)
Week 1 Discussion
Principles for delivering value
In almost all sections, IT can be d ...
Enterprise Governance in Web 2.0 World Overview (Michael Ruiz)
Enterprise Governance is a framework that was created by the Enterprise Governance Working Group at BearingPoint, Inc and continued at Deloitte Consulting. Enterprise Governance is a well-defined set of processes, procedures, and feedback mechanisms for more effectively governing large-scale enterprises. Enterprise Governance leverages the power of crowdsourcing to solicit and elicit input from the enterprise at large. This presentation was given as a series of lectures at the Virginia Commonwealth University School of Business.
A MULTI-CRITERIA EVALUATION OF INFORMATION SECURITY CONTROLS USING BOOLEAN FE...IJNSA Journal
For organizations, the protection of information is of utmost importance. Throughout the years, organizations have experienced numerous system losses which have had a direct impact on their most valuable asset, information. Organizations must therefore find ways to make sure that the appropriate and most effective information security controls are implemented in order to protect their critical or most sensitive classified information. Existing information security control selection methods have been employed in the past, including risk analysis and management, baseline manuals, or random approaches. However, these methods do not take into consideration organization specific constraints such as costs of implementation, scheduling, and availability of resources when determining the best set of controls. In addition, these existing methods may not ensure the inclusion of required/necessary controls or the exclusion of unnecessary controls. This paper proposes a novel approach for evaluating information security controls to help decision-makers select the most effective ones in resource-constrained environments. The proposed approach uses Desirability Functions to quantify the desirability of each information security control taking into account benefits and penalties (restrictions) associated with implementing the control. This provides Management with a measurement that is representative of the overall quality of each information security control based on organizational goals. Through a case study, the approach is proven successful in providing a way for measuring the quality of information security controls (based on multiple application-specific criteria) for specific organizations.
Similar to An agent based framework for identity management the unsuspected relation with isoiec 15504 (20)
Earliest Galaxies in the JADES Origins Field: Luminosity Function and Cosmic ...Sérgio Sacani
We characterize the earliest galaxy population in the JADES Origins Field (JOF), the deepest
imaging field observed with JWST. We make use of the ancillary Hubble optical images (5 filters
spanning 0.4−0.9µm) and novel JWST images with 14 filters spanning 0.8−5µm, including 7 mediumband filters, and reaching total exposure times of up to 46 hours per filter. We combine all our data
at > 2.3µm to construct an ultradeep image, reaching as deep as ≈ 31.4 AB mag in the stack and
30.3-31.0 AB mag (5σ, r = 0.1” circular aperture) in individual filters. We measure photometric
redshifts and use robust selection criteria to identify a sample of eight galaxy candidates at redshifts
z = 11.5 − 15. These objects show compact half-light radii of R1/2 ∼ 50 − 200pc, stellar masses of
M⋆ ∼ 107−108M⊙, and star-formation rates of SFR ∼ 0.1−1 M⊙ yr−1
. Our search finds no candidates
at 15 < z < 20, placing upper limits at these redshifts. We develop a forward modeling approach to
infer the properties of the evolving luminosity function without binning in redshift or luminosity that
marginalizes over the photometric redshift uncertainty of our candidate galaxies and incorporates the
impact of non-detections. We find a z = 12 luminosity function in good agreement with prior results,
and that the luminosity function normalization and UV luminosity density decline by a factor of ∼ 2.5
from z = 12 to z = 14. We discuss the possible implications of our results in the context of theoretical
models for evolution of the dark matter halo mass function.
THE IMPORTANCE OF MARTIAN ATMOSPHERE SAMPLE RETURN.Sérgio Sacani
The return of a sample of near-surface atmosphere from Mars would facilitate answers to several first-order science questions surrounding the formation and evolution of the planet. One of the important aspects of terrestrial planet formation in general is the role that primary atmospheres played in influencing the chemistry and structure of the planets and their antecedents. Studies of the martian atmosphere can be used to investigate the role of a primary atmosphere in its history. Atmosphere samples would also inform our understanding of the near-surface chemistry of the planet, and ultimately the prospects for life. High-precision isotopic analyses of constituent gases are needed to address these questions, requiring that the analyses are made on returned samples rather than in situ.
Slide 1: Title Slide
Extrachromosomal Inheritance
Slide 2: Introduction to Extrachromosomal Inheritance
Definition: Extrachromosomal inheritance refers to the transmission of genetic material that is not found within the nucleus.
Key Components: Involves genes located in mitochondria, chloroplasts, and plasmids.
Slide 3: Mitochondrial Inheritance
Mitochondria: Organelles responsible for energy production.
Mitochondrial DNA (mtDNA): Circular DNA molecule found in mitochondria.
Inheritance Pattern: Maternally inherited, meaning it is passed from mothers to all their offspring.
Diseases: Examples include Leber’s hereditary optic neuropathy (LHON) and mitochondrial myopathy.
Slide 4: Chloroplast Inheritance
Chloroplasts: Organelles responsible for photosynthesis in plants.
Chloroplast DNA (cpDNA): Circular DNA molecule found in chloroplasts.
Inheritance Pattern: Often maternally inherited in most plants, but can vary in some species.
Examples: Variegation in plants, where leaf color patterns are determined by chloroplast DNA.
Slide 5: Plasmid Inheritance
Plasmids: Small, circular DNA molecules found in bacteria and some eukaryotes.
Features: Can carry antibiotic resistance genes and can be transferred between cells through processes like conjugation.
Significance: Important in biotechnology for gene cloning and genetic engineering.
Slide 6: Mechanisms of Extrachromosomal Inheritance
Non-Mendelian Patterns: Do not follow Mendel’s laws of inheritance.
Cytoplasmic Segregation: During cell division, organelles like mitochondria and chloroplasts are randomly distributed to daughter cells.
Heteroplasmy: Presence of more than one type of organellar genome within a cell, leading to variation in expression.
Slide 7: Examples of Extrachromosomal Inheritance
Four O’clock Plant (Mirabilis jalapa): Shows variegated leaves due to different cpDNA in leaf cells.
Petite Mutants in Yeast: Result from mutations in mitochondrial DNA affecting respiration.
Slide 8: Importance of Extrachromosomal Inheritance
Evolution: Provides insight into the evolution of eukaryotic cells.
Medicine: Understanding mitochondrial inheritance helps in diagnosing and treating mitochondrial diseases.
Agriculture: Chloroplast inheritance can be used in plant breeding and genetic modification.
Slide 9: Recent Research and Advances
Gene Editing: Techniques like CRISPR-Cas9 are being used to edit mitochondrial and chloroplast DNA.
Therapies: Development of mitochondrial replacement therapy (MRT) for preventing mitochondrial diseases.
Slide 10: Conclusion
Summary: Extrachromosomal inheritance involves the transmission of genetic material outside the nucleus and plays a crucial role in genetics, medicine, and biotechnology.
Future Directions: Continued research and technological advancements hold promise for new treatments and applications.
Slide 11: Questions and Discussion
Invite Audience: Open the floor for any questions or further discussion on the topic.
Cancer cell metabolism: special Reference to Lactate PathwayAADYARAJPANDEY1
Normal Cell Metabolism:
Cellular respiration describes the series of steps that cells use to break down sugar and other chemicals to get the energy we need to function.
Energy is stored in the bonds of glucose and when glucose is broken down, much of that energy is released.
Cell utilize energy in the form of ATP.
The first step of respiration is called glycolysis. In a series of steps, glycolysis breaks glucose into two smaller molecules - a chemical called pyruvate. A small amount of ATP is formed during this process.
Most healthy cells continue the breakdown in a second process, called the Kreb's cycle. The Kreb's cycle allows cells to “burn” the pyruvates made in glycolysis to get more ATP.
The last step in the breakdown of glucose is called oxidative phosphorylation (Ox-Phos).
It takes place in specialized cell structures called mitochondria. This process produces a large amount of ATP. Importantly, cells need oxygen to complete oxidative phosphorylation.
If a cell completes only glycolysis, only 2 molecules of ATP are made per glucose. However, if the cell completes the entire respiration process (glycolysis - Kreb's - oxidative phosphorylation), about 36 molecules of ATP are created, giving it much more energy to use.
IN CANCER CELL:
Unlike healthy cells that "burn" the entire molecule of sugar to capture a large amount of energy as ATP, cancer cells are wasteful.
Cancer cells only partially break down sugar molecules. They overuse the first step of respiration, glycolysis. They frequently do not complete the second step, oxidative phosphorylation.
This results in only 2 molecules of ATP per each glucose molecule instead of the 36 or so ATPs healthy cells gain. As a result, cancer cells need to use a lot more sugar molecules to get enough energy to survive.
Unlike healthy cells that "burn" the entire molecule of sugar to capture a large amount of energy as ATP, cancer cells are wasteful.
Cancer cells only partially break down sugar molecules. They overuse the first step of respiration, glycolysis. They frequently do not complete the second step, oxidative phosphorylation.
This results in only 2 molecules of ATP per each glucose molecule instead of the 36 or so ATPs healthy cells gain. As a result, cancer cells need to use a lot more sugar molecules to get enough energy to survive.
introduction to WARBERG PHENOMENA:
WARBURG EFFECT Usually, cancer cells are highly glycolytic (glucose addiction) and take up more glucose than do normal cells from outside.
Otto Heinrich Warburg (; 8 October 1883 – 1 August 1970) In 1931 was awarded the Nobel Prize in Physiology for his "discovery of the nature and mode of action of the respiratory enzyme.
WARNBURG EFFECT : cancer cells under aerobic (well-oxygenated) conditions to metabolize glucose to lactate (aerobic glycolysis) is known as the Warburg effect. Warburg made the observation that tumor slices consume glucose and secrete lactate at a higher rate than normal tissues.
Richard's aventures in two entangled wonderlandsRichard Gill
Since the loophole-free Bell experiments of 2020 and the Nobel prizes in physics of 2022, critics of Bell's work have retreated to the fortress of super-determinism. Now, super-determinism is a derogatory word - it just means "determinism". Palmer, Hance and Hossenfelder argue that quantum mechanics and determinism are not incompatible, using a sophisticated mathematical construction based on a subtle thinning of allowed states and measurements in quantum mechanics, such that what is left appears to make Bell's argument fail, without altering the empirical predictions of quantum mechanics. I think however that it is a smoke screen, and the slogan "lost in math" comes to my mind. I will discuss some other recent disproofs of Bell's theorem using the language of causality based on causal graphs. Causal thinking is also central to law and justice. I will mention surprising connections to my work on serial killer nurse cases, in particular the Dutch case of Lucia de Berk and the current UK case of Lucy Letby.
An Agent-based Framework for Identity Management: The Unsuspected Relation with ISO/IEC 15504
1. PAPER 66 1
Abstract— The generalization of open and distributed systems
and the dynamics of the environment make Information Systems
(IS) and, consequently, its access rights management an
increasingly complex problem. Even if support for this activity
appears to be well handled by current sophisticated solutions, the
definition and the exploitation of an access rights management
framework appropriately adapted for a company remain
challenging. This statement is explained mainly by the
continuous growth of the diversity of stakeholders’ positions and
by the criticality of the resources to protect. The SIM project,
which stands for “Secure Identity Management”, addresses this
problem.
The objectives of our paper are twofold. First, to make rights
management align closer to business objectives by providing an
innovative approach that focuses on business goals for defining
access policy. The ISO/IEC 15504 process-based assessment
model has been preferred for that research. Indeed, the
structured framework that it offers for the description of
activities allows for the establishment of meaningful links with
responsibilities concepts. Secondly, to automate the deployment
of policies through the company IT infrastructure’s components
and devices by defining a multi-agent system architecture that
provides autonomy and adaptability. Free and open source
components have been used for the prototyping phase.
Index Terms— Identity Management, Multi-agent
architecture, Policy Engineering, Responsibility model.
Benjamin Gateau, Christophe Feltus, Jocelyn Aubert, Christophe Incoul
Article received December, 2007. This work (“An Agent-based Framework
for Identity Management: The Unsuspected Relation with ISO/IEC 15504”) is
part of the R&D project of the CRP Henri Tudor of Luxembourg in
collaboration with the University of Luxembourg. The SIM “Secure Identity
Management” project was funded by the National Research Fund
Luxembourg.
B. G., C. F., J. A. and C. I. are with the Centre for IT Innovation, Centre de
Recherche Henri Tudor, Luxembourg, 29 Rue John F. Kennedy, L-1855
Luxembourg. Phone: +352/42.59.91-1 e-mails: {benjamin.gateau,
christophe.feltus, jocelyn.aubert, christophe.incoul} @ tudor.lu.
I. INTRODUCTION
Information Systems and rights management are
becoming more and more complex. This is mainly due to
the generalization of open systems, heterogeneous, distributed
and dynamic environments and the growth and diversity of
available solutions. In that context, defining and exploiting an
access control policy that addresses both the diversity of the
stakeholders’ status (worker, employee or manager) and the
criticality of the resources to protect (public, secret,
confidential) is challenging. This challenge is further
complicated by the perpetual evolution of the
organization’s structure, the business strategy, the employees’
responsibilities, and even the legal requirements in effect.
Solutions exist to associate rights to profiles and
automatically apply those rights to all IS components and
devices. These kinds of solutions (called IAM, Identity
Management solutions) are usually products with a
preformatted architecture and, consequently, present
difficulties in integration with the global IS solution of the
company.
At a functional layer, two major problems arise when trying
to deal with these existing applications. First, they are
principally based on the association of stakeholders to roles
following the RBAC model [1] or one of its derivations [4, 5].
In practice, and specifically in large companies, these kinds of
stakeholder-role associations are often difficult to establish
because of the need to define a strict and refined number of
roles. Indeed, it is uncommon to identify two employees with
exactly the same job profiles. A second problem that occurs in
these solutions is that the calculation of access rights is made
according to the value of the asset being protected, its
vulnerability, and the existing threat. IT staff are normally
assigned this task and they will use existing tools from
the risk analysis domain to complete it. These methods
calculate a risk profile and propose a solution for securing the
asset without systematically validating it with the asset’s
business owner. As a result, the business owner is given a
solution without having had the possibility of optimizing the
ratio “business need” / “proposed countermeasure”.
Improving the way to define more suitable IS access
rights according to the business requirements is the goal of our
research. We are attempting to do it by means of policy.
Policy is a concept that has already been largely discussed in
the scientific literature [6, 7, 8, 9]. Even if the majority of authors
exploit it in the sense of a number of technical rules to be
applied at a technical level [7, 8, 9], policy is also a more
general concept used at the higher level of the company [6,
10, 11] (for example, Basel II [10] may be seen as imposing
strategic policies for the financial sector). Whichever way
policy is perceived, we would point out that no common
definition of it exists yet, nor of its content [11]. However,
one common component that is generally present in all
definitions is the concept of “right”. Right [2, 3] is defined as:
privileges that a subject can hold and exercise on an object.
Later in the document [2], the author characterizes this
privilege as an access privilege to the object. More conceptual
components of the policy exist, specifically: responsibility,
obligation [2, 3, 9, 12], delegation [9], and commitment.
Those components are much less systematically integrated in
the definition but it has been proven that they may play an
important role in refining the engineering of policy. With the
desire to keep this paper didactic and based on a common
understanding of the organization’s artifacts, our work will be
grounded on process-based organization.
At a technical layer, two observations are made: first,
existing IAM solutions are usually monolithic,
proprietary and non-flexible. “Identity and access
management defined” [13] explains that the complexity of
integrating the components of IAM solutions will cause 60
percent of enterprises to choose product suites that are owned
or licensed by, and supported through, one vendor. Secondly,
the development of Federated Identity Management (FIM) is
a cornerstone concept that increases organizational
cooperation by sharing each other's resources and information.
However, implementing such a technology is challenging
because of the difficulty of integrating heterogeneous
applications (and consequently heterogeneous technologies) across
heterogeneous organizations. To address this concern, our
approach is based on the development of an open, agent-based
solution. The advantages of this technology are autonomy and
rapid, accurate adaptability according to the usage
constraints.
With our approach, we aim to offer a new manner of
defining more suitable IS access rights
according to the business needs and of deploying these rights to
the heterogeneous IS components.
Figure 1: Identity management life cycle
As shown in Fig. 1, identity management is an activity that
can be achieved following a life cycle approach. The first results
of our research attempt to bring innovation to the “Policy
Engineering” and “Policy Deployment” parts.
Section 2 of this paper proposes a conceptual model that
integrates process concepts and responsibility components.
Section 3 presents the agent-based approach for deploying
policy. Section 4 introduces future work and conclusions.
II. PROCESS-ORIENTED POLICY ENGINEERING
A. Defining policy
This second section focuses on defining access control
policies from the organizational structure. As explained in the
first section, the innovation of this policy engineering
activity is that it is centred mainly on business needs. Indeed,
data access is an important concept for IT security. Access
policies that enforce access rights must take into account both:
- the strict restriction of stakeholders’ access to data;
- the guarantee that the business goal can still be achieved
in an efficient way.
To perform this policy engineering activity, we have
oriented our research toward a particular type of company
where process-based approaches are in use. Other frameworks,
such as the matrix approach or the pyramidal one, could also
have been chosen; future extensions of this work could address
those alternative approaches [15]. Process-based
approaches for formalizing the company’s activity have existed for a
long time, and a number of literature texts and norms deal with them.
For example, in [16] Ruth Sara Savén describes a Business
Process as a combination of a set of activities within an
enterprise with a structure describing their logical order and
dependence whose objective is to produce a desired result. In
CEN/ENV 12204 [17] a business process is defined as a
partially ordered set of enterprise activities which can be
executed to realize a given objective of an enterprise or a part
of an enterprise to achieve some desired end-result. Among
existing process formalisms, the standard ISO 9000 [24]
presents interesting perspectives in that it considers a process
as a set of interrelated or interacting activities, which
transforms inputs into outputs. Moreover, ISO/IEC 15504 [18]
provides a structural framework for describing a process and a
maturity model for process evaluation. Our work is based on
the establishment of a link between the concepts from
ISO/IEC 15504 and from the components which we will now
introduce.
The SIM project aims to define policies that are a best fit
for business goals and requirements. This is a basic
prerequisite of business-IT alignment. These goals and
requirements are translated into the ISO/IEC 15504
process concepts, which are:
- Purpose, which describes the process;
- Outcome, which is an observable result of a process. It
is an artefact, a significant change of state or the
meeting of specified constraints;
- Base practice, which is an activity that, when
consistently performed, contributes to achieving a
specific process outcome;
- Work product, which is an artefact associated with the
execution of a process. It can be an input (required for
outcome achievement) or an output (resulting from outcome
achievement).
Processes are observable through different outcomes and
are achieved by using resources, base practices and work
products.
ISO/IEC 15504 does not specifically address capability
and accountability, which are the components of the
responsibility concept necessary to achieve base practices.
Its maturity model makes it possible to measure the maturity level of
the processes, and level 2 of this model seems adequate to deal
with responsibility. Even if the standard doesn’t discuss it, we
have decided to orient our work according to the description
of responsibility that has been published in [15]: a
Responsibility is a set of capabilities, accountabilities and
commitments linked to a stakeholder that performs base
practices.
- Capability, which describes the quality of having the
requisite qualities or resources to achieve a task;
- Accountability, which describes the state of being
answerable for the achievement of a task;
- Commitment, which is the engagement of a stakeholder
to fulfil a task and the assurance that he will do it.
Note that this pledge often has the character of a right and an
obligation to fulfil this action. Commitment may be considered
from different perspectives, such as the willingness of social
actors to give their energy and loyalty to social systems, or an
affective attachment to an organization apart from the purely
instrumental worth of the relationship [19]. For James G.
March and Johan P. Olsen [20], rules that manage a system
exist because they work well and provide better solutions than
their alternatives. They also observe that people’s moral
commitment is a condition for the existence of a common
interpretation of rules. According to that statement, and by
extrapolating “rules” to stakeholders’ capabilities and
accountabilities, commitment seems to be an unavoidable
component.
In our research, policies are derived from business processes
by combining the responsibility components with the
ISO/IEC 15504 concepts. We observe quite naturally that,
first, the Input Work product is a right for a stakeholder to
perform an activity; it is therefore combined with the Capability.
Secondly, the Output Work product is a stakeholder’s
obligation at the end of the activity; we combine it with
Accountability. Fig. 2 illustrates this. Both
responsibility components, Capability and Accountability,
are strongly linked to each other [15], in that the accountability of
a role or a person permits us to deduce the capability of another
role or person and, conversely, a capability stems from an
accountability (e.g.: the capability “An engineer has access to
a specific file” stems from the accountability “An engineer has
to share a specific file with another engineer”).
Figure 2: Relationship between accountability and
capability responsibilities
Fig. 3 shows, from a more global point of view, this
conceptual connection between ISO/IEC 15504 and Identity
Management concepts. The identity management model is
composed of responsibilities associated with roles, which are
given to specific persons:
- Role: which describes the role of a person in the
organization;
- Person: which describes a person who interacts with
the organisation and its processes.
A policy is applicable to software such as directories (LDAP,
Microsoft Active Directory…), file systems (NTFS, UFS…)
and hardware like firewalls or gateways.
Each responsibility is linked with a role, which describes
the role of a person in the organisation (a role should not be
confused with a function: for example, an engineer (function)
can be project manager and developer (roles)).
Of course, a person can be linked to one or more roles. The
role of a person permits us to define the access policy for that
person, for example to grant access permission to the project
management folder on the organisation’s fileserver. By being
linked to a role, a person has to give his/her commitment.
Figure 3: ISO/IEC 15504 and Identity management models
In practice, we have developed and extended modules in
order to be able to define the different ISO/IEC 15504 and
Identity management concepts in an open-source groupware
called eGroupWare [14].
When using this application, the business owner (or the
person in charge of the system) has to set up the different
organisational processes as “process templates”. A “process
template” will describe a generic process set up in the
organisation, for example the project management process,
which describes all of the essential project management steps.
In this kind of process template, concepts are fully generic
and responsibilities are only linked to roles.
In order to instantiate a generic process into a specific
process (e.g.: project management of the SIM project), each
generic concept of this process is instantiated (process,
outcomes, base practices, work products, responsibilities and
roles) and roles are given to specific organisation members.
With all of these parameters, SIM will be able to deduce a
set of policies (hardware-applicable or not). This policy
deduction will be developed in our future work.
B. Case study
To illustrate the close relation between the ISO/IEC 15504
concepts and identity management concepts, we describe below
an example taken from the Process
Assessment Model (PAM) of the project management process
MAN.3 as defined in the ISO/IEC 15504 model. Table I shows
the different concepts linked to the outcome “3) the tasks and
resources necessary to complete the work are sized and
estimated;”.
TABLE I:
MAIN CONCEPTS OF THE PROJECT MANAGEMENT PROCESS
ISO/IEC 15504-5:2006 MAN.3 Project management

Purpose
  The purpose of the Project management process is to identify, establish,
  co-ordinate, and monitor the activities, tasks and resources necessary for
  a project to produce a product and/or service, in the context of the
  project’s requirements and constraints.

Outcomes
  …
  3) the tasks and resources necessary to complete the work are sized and
  estimated;
  …

Base Practices
  …
  MAN.3.BP4: Determine and maintain estimates for project attributes. Define
  and maintain baselines for project attributes. [Outcome: 2,3]
  MAN.3.BP5: Define project activities and tasks. Identify project activities
  and tasks according to defined project life cycle, and define dependencies
  between them. [Outcome: 3]
  …

Work products (inputs)
  …
  03-06 Process performance data [Outcome: 3,7]
  08-12 Project plan [Outcome: 3, 6, 7]
  10-01 Life cycle model [Outcome: 1, 3, 4, 5]
  14-06 Schedule [Outcome: 1, 3]
  …

Work products (outputs)
  …
  08-12 Project plan [Outcome: 1, 2, 3, 4, 5]
  14-06 Schedule [Outcome: 5]
  …
In the example detailed in Fig. 4, we assume that each
person is responsible for an outcome and has accepted this
mission (the commitment). For example, the Outcome 3
responsible (OR3), to fully realise the activity, must have the
capability (the right) to access the “Process performance
data”, “Project plan”, “Life cycle model” and “Schedule”
resources. These elements are defined and linked to the Input
Workproducts in the process definition.
The “schedule” capability of OR3 generates an
obligation for another resource in the organisation. For
example, the responsible for the outcome that produces the schedule
has the obligation to provide OR3 with this capability on the
“Input Workproducts”. In our case, this can be
translated by the validation of an authorisation request (induced
by this “schedule” capability).
For the “project plan”, OR3 has, at the same time, a
capability, but also an obligation to participate in the
elaboration of this output work product. In the same way,
OR1 and OR5 also have accountabilities on the “project plan”.
Figure 4: Responsibility decomposition of the outcome 3
In practice, these concepts are entered into the tool via
eGroupWare-based modules (Process, Outcomes, Base
practices and Work products). Each module permits us to link
concepts to others; thus outcomes are linked to processes, and
base practices and work products are linked to outcomes. The
first step, as described above, is to enter the generic concepts
that correspond to a generic description of a process. Once
this step is realized, via the SIM module, it becomes possible
to have a process cartography showing a process and its
purpose, the linked outcomes, and relative base practices and
work products.
Fig. 5 represents the cartography of the whole process
ISO/IEC 15504-5:2006 MAN.3 Project management, with
the responsibility concepts generated by SIM. These
concepts are called generic concepts: as the represented
process is a “generic” process, the responsibilities on the different
base practices are defined for roles.
Figure 5: SIM module "Process cartography"
For each role, two kinds of responsibility are defined:
capability and accountability. These responsibilities describe
the role’s rights and obligations for a given base practice.
Fig. 6 and Fig. 7 show how responsibilities are entered. A
capability is assigned to a role and needs an action, a resource
and a mode (e.g.: [OR3] Outcome 3 responsible has this
capability: access to 14-06 Schedule in read mode).
Figure 6: Capability details form
Accountability is assigned to a role and defined by an
action and a resource (e.g.: [OR3] Outcome 3 responsible has
this accountability: complete 08-12 Project plan). An
accountability can create inherent capabilities: in order to
complete an action, it is sometimes necessary to have access
to something. In the case study example, the accountability
“complete 08-12 Project plan” induces the capability “access to
08-12 Project plan in write mode”, since it is necessary to have
permission to write to the file in order to complete it.
Figure 7: Accountability details form
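The derivation described in Section II.A (input work product to capability, output work product to accountability, accountability inducing a write capability) and illustrated by the case study above, as an added example that is not the SIM project's own code. The work product lines are copied from Table I; the third rule (the producer of a work product must provide it to the outcome responsibles that consume it) is our reading of the “schedule” obligation described above, and the role names ORn follow the paper's convention.

```python
"""Derive SIM responsibilities from an ISO/IEC 15504 process description.

Added example, not SIM project code. Input data is the excerpt of Table I
(MAN.3, ISO/IEC 15504-5:2006); the rules applied are those of Section II.A,
plus the "provide" obligation sketched in the case study.
"""
import re
from collections import defaultdict

# Work product lines copied from Table I (id, name, linked outcomes).
MAN3_INPUTS = """
03-06 Process performance data [Outcome: 3,7]
08-12 Project plan [Outcome: 3, 6, 7]
10-01 Life cycle model [Outcome: 1, 3, 4, 5]
14-06 Schedule [Outcome: 1, 3]
"""
MAN3_OUTPUTS = """
08-12 Project plan [Outcome: 1, 2, 3, 4, 5]
14-06 Schedule [Outcome: 5]
"""

# "<id> <name> [Outcome: n, m]" as written in the PAM tables.
LINE = re.compile(r"^(\d{2}-\d{2})\s+(.+?)\s+\[Outcome:\s*([\d,\s]+)\]$")


def parse_work_products(text):
    """Return a list of (wp_id, name, {outcome numbers}) from Table I style lines."""
    products = []
    for raw in text.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            raise ValueError("unrecognised work product line: " + raw)
        outcomes = {int(n) for n in m.group(3).split(",") if n.strip()}
        products.append((m.group(1), m.group(2), outcomes))
    return products


def derive_responsibilities(inputs_text, outputs_text):
    """Map each outcome responsible 'ORn' to its derived responsibilities.

    Each value is a dict with
      capabilities:     set of (action, resource, mode)
      accountabilities: set of (action, resource)
    """
    resp = defaultdict(lambda: {"capabilities": set(), "accountabilities": set()})
    inputs = parse_work_products(inputs_text)
    outputs = parse_work_products(outputs_text)

    # Rule 1: an input work product is a right (read capability) of the
    # responsible of every outcome it is linked to.
    for wp_id, name, outcomes in inputs:
        for n in outcomes:
            resp["OR%d" % n]["capabilities"].add(("access", wp_id + " " + name, "read"))

    # Rule 2: an output work product is an obligation (accountability) of the
    # outcome responsible, which in turn induces a write capability on it.
    for wp_id, name, outcomes in outputs:
        for n in outcomes:
            r = resp["OR%d" % n]
            r["accountabilities"].add(("complete", wp_id + " " + name))
            r["capabilities"].add(("access", wp_id + " " + name, "write"))

    # Rule 3 (our reading of the case study): whoever produces a work product
    # must provide it to the other outcome responsibles that need it as input.
    producers = {wp_id: outcomes for wp_id, _, outcomes in outputs}
    for wp_id, name, consumers in inputs:
        for producer in producers.get(wp_id, ()):
            for consumer in consumers:
                if consumer != producer:
                    resp["OR%d" % producer]["accountabilities"].add(
                        ("provide", "%s %s to OR%d" % (wp_id, name, consumer)))
    return dict(resp)


if __name__ == "__main__":
    for role, r in sorted(derive_responsibilities(MAN3_INPUTS, MAN3_OUTPUTS).items()):
        print(role)
        for cap in sorted(r["capabilities"]):
            print("  capability:    ", cap)
        for acc in sorted(r["accountabilities"]):
            print("  accountability:", acc)
```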
From the model we defined, it is possible to generate
generic policies that use roles; in order to obtain enforceable
policies, a transformation from the business model to XACML
[25] is done. XACML stands for eXtensible Access Control
Markup Language. It is a declarative access control policy
language implemented in XML, together with a processing model
describing how to interpret the policies. The latest version, 2.0
[26], was ratified by the OASIS standards organization [27] on 1
February 2005; the XACML 3.0 standard is not finalized yet. For
this project, only the policy declaration part of XACML is
used, in order to store and disseminate policies through the
system. A policy obtained from a generic process would not
be directly applicable because it concerns roles, not physical
persons. Using this generic process, it is possible to instantiate
a specific process: a project management process, for
example the project management of the SIM project. In this
instantiated process, roles are assigned to physical persons. In
this example, Pierre Durand (defined in SIM using the
appropriate module: Addressbook) is assigned to the role
OR3.
Figure 8: Instantiated responsibilities details
Fig.8 shows how responsibilities are assigned to a person
(here: Pierre Durand). The responsibility of Pierre Durand is
composed of the accountabilities and capabilities described by
the generic process model, plus some accountabilities and
capabilities added in order to customize the model to specific
needs (for example the capability Access to Budget Lines in
Read mode). Knowing his capabilities and accountabilities, he
can commit himself to realizing a defined task.
The commitment means that Pierre Durand has accepted his
responsibility according to these capabilities and
accountabilities. Consequently it becomes possible to generate
specific policies (specific standing for enforceable policies).
The capabilities are turned into XACML policies. From the
example above, the capability “Access to 14-06 Schedule in Read
mode” is transformed into the XACML policy of Fig.9: Pierre
Durand (subject) obtains the read right (action) on the resource
called 14-06 Schedule (resource). Subject, action and resource
details are stored in a database. In this example, we assume
that Pierre Durand’s addressbook table ID (contact_id) is 42.
Figure 9: XACML policy example
Using all of the defined capabilities of each instantiated
process, SIM is able to generate a full set of policies, which
is then transferred to the agent-based policy deployment.
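As an added illustration (not SIM's own generator, and not the exact policy of Fig.9, which is not reproduced here), the following Python builds a XACML 2.0 policy from the capability of the example, subject contact_id 42, resource 14-06 Schedule, action read, and evaluates a request against it with a minimal deny-overrides evaluator. The policy and rule identifiers, the "read" action string, the request layout and the evaluator itself are assumptions of this example; the attribute identifiers, data type and string-equal function are the standard XACML ones.

```python
"""Generate a XACML 2.0 policy from a SIM capability and evaluate a request
against it (added example, not SIM's generator)."""
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
XSD_STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides"


def _q(tag):
    """Qualified tag name in the XACML 2.0 policy namespace."""
    return "{%s}%s" % (XACML_NS, tag)


def capability_to_xacml(subject_id, resource, action, policy_id, effect="Permit"):
    """Build a one-rule policy: <subject_id> may perform <action> on <resource>.
    The policy/rule ids are constructed for the example; the attribute ids are
    the standard XACML subject-id / resource-id / action-id identifiers."""
    ET.register_namespace("", XACML_NS)
    policy = ET.Element(_q("Policy"), {"PolicyId": policy_id, "RuleCombiningAlgId": DENY_OVERRIDES})
    ET.SubElement(policy, _q("Target"))  # empty policy target: every request is in scope
    rule = ET.SubElement(policy, _q("Rule"), {"RuleId": policy_id + "-rule", "Effect": effect})
    target = ET.SubElement(rule, _q("Target"))
    for group, item, match, designator, attr_id, value in (
        ("Subjects", "Subject", "SubjectMatch", "SubjectAttributeDesignator", SUBJECT_ID, subject_id),
        ("Resources", "Resource", "ResourceMatch", "ResourceAttributeDesignator", RESOURCE_ID, resource),
        ("Actions", "Action", "ActionMatch", "ActionAttributeDesignator", ACTION_ID, action),
    ):
        m = ET.SubElement(ET.SubElement(ET.SubElement(target, _q(group)), _q(item)), _q(match),
                          {"MatchId": STRING_EQUAL})
        ET.SubElement(m, _q("AttributeValue"), {"DataType": XSD_STRING}).text = value
        ET.SubElement(m, _q(designator), {"AttributeId": attr_id, "DataType": XSD_STRING})
    return ET.tostring(policy, encoding="unicode")


def _match_holds(match, request):
    """string-equal between the literal AttributeValue and the request attribute
    named by the designator."""
    value = match.find(_q("AttributeValue")).text
    designator = next(child for child in match if child.get("AttributeId"))
    return request.get(designator.get("AttributeId")) == value


def _target_matches(target, request):
    """A target matches when, in every Subjects/Resources/Actions group, at least
    one item has all of its Match elements satisfied; an empty target matches all."""
    if target is None:
        return True
    for group in target:
        items = list(group)
        if items and not any(all(_match_holds(m, request) for m in item) for item in items):
            return False
    return True


def evaluate(policy_xml, request):
    """Minimal PDP: deny-overrides over the rules whose target matches the request.
    request maps XACML attribute ids to string values."""
    root = ET.fromstring(policy_xml)
    if not _target_matches(root.find(_q("Target")), request):
        return "NotApplicable"
    effects = [rule.get("Effect") for rule in root.findall(_q("Rule"))
               if _target_matches(rule.find(_q("Target")), request)]
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"


# Constructed after the paper's example: contact_id 42 reads 14-06 Schedule.
EXAMPLE_POLICY = capability_to_xacml("42", "14-06 Schedule", "read", "cap-or3-schedule-read")
EXAMPLE_REQUEST = {SUBJECT_ID: "42", RESOURCE_ID: "14-06 Schedule", ACTION_ID: "read"}
```

Only the policy declaration is what SIM stores and disseminates; the evaluator is included so the reader can see that the generated target is tight: the same subject asking for write, or another subject asking for read, is NotApplicable rather than Permit.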
III. AGENT-BASED POLICY DEPLOYMENT
We need a means to apply policies in terms of specific
concrete rules. The communication between the component
managing the policies resulting from process-oriented policy
engineering and the devices which must apply concrete rules
could be provided by a standardized protocol such as SNMP
[30], COPS [28] or NETCONF [29]. Another solution is to
use multi-agent based communication.
SNMP is a simple network management protocol designed
by the IETF (Internet Engineering Task Force). An SNMP-
managed network consists of three key components: (i) a
network management station (NMS) executing applications
that monitor and control managed devices, (ii) the managed
devices, i.e., the network nodes that we want to manage, and (iii)
SNMP agents, which are network-management software
modules residing on the managed devices.
COPS is a signaling protocol designed by the IETF for
exchanging policy information between a policy server
(Policy Decision Point or PDP) and its clients (Policy
Enforcement Points or PEP). It is a simple query and response
protocol that can be used to send configuration requests and
return policy decisions to enforce.
NETCONF is a network management protocol standardized
by the IETF. The NETCONF protocol provides mechanisms
to install, manipulate, and delete the configuration of network
devices. It also can perform some monitoring functions. It
uses an Extensible Markup Language (XML) based data
encoding for the configuration data as well as the protocol
messages. The NETCONF protocol operations are realized on
top of a simple Remote Procedure Call (RPC) layer.
If we take the terms defined by COPS, these protocols
could be used to send messages between a PDP and some
PEPs. These protocols are secured and permit a certain quality
of service. But they don't specify how a PEP transforms an
abstract policy sent by the PDP into a concrete rule. Nor do
these solutions define the architecture and functions of the PDP
and PEP. These components must not only exchange messages but
also “work together” to apply concrete rules on devices. That is
why we think that a Multi-Agent System (MAS) is a solution: it
provides autonomous entities that can collaborate. A
Multi-Agent System is composed of several agents capable of
mutual interaction, which can take the form of message passing
or of changes produced in their common environment [21]. Agents
are pro-active, reactive and socially autonomous entities able
to exhibit organized activity in order to meet their design
objectives, possibly by interacting with users. Agents are
collaborative in that they are able to commit themselves to the
society and/or to another agent [22]. So, if each technical
module (firewall, fileserver, LDAP directory, etc.) is
interfaced with an agent, all agents will collaborate in order
to apply a set of common policies.
Figure 10: Multi-Agent System framework
We propose a Multi-Agent System gathering three types of
agents to build SIM's technical architecture, as shown in
Fig.10. Each device (technical module) is interfaced with an
agent called PEP (Policy Enforcement Point). The PEP
communicates with an agent called PDP (Policy Decision
Point), whose goal is to retrieve PEP agents and distribute the
policies to be applied. Finally, the PIE agent (Policy
Instantiation Engine) interfaces with the policy base in order
to be aware of new policies to apply. We give the main
functionalities of each kind of agent in the following
sections.
A. Policy Instantiation Engine
This is the interface between the policies and the agents,
i.e., between the transformation of the business process
definition and its deployment. PIE agents detect when new
policies are available and must be applied, or when some
policies have been modified or deleted. At that moment, the PIE
sends requests to the PDP to add, modify or delete policies. For
that, it must be able to distinguish the new organisation
configuration from the previous one, producing messages that
ask to add, modify or delete policies.
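One way to realize the PIE comparison step, as an added example that is not SIM's code: policies are keyed by their PolicyId and compared by content, and the result is the ordered list of add/modify/delete requests to send to the PDP. The policy identifiers, the tuple representation and the two sample configurations are constructed for the example.

```python
"""PIE comparison step (added example, not SIM's code): work out which policies
to add, modify or delete between the previously deployed set and the set just
generated from the instantiated processes."""


def pie_requests(previous, current):
    """previous/current map PolicyId -> (subject, resource, action, effect).
    Returns the ordered list of (operation, PolicyId) messages for the PDP."""
    requests = []
    for policy_id in sorted(set(previous) | set(current)):
        if policy_id not in previous:
            requests.append(("add", policy_id))        # newly generated policy
        elif policy_id not in current:
            requests.append(("delete", policy_id))     # policy no longer generated
        elif previous[policy_id] != current[policy_id]:
            requests.append(("modify", policy_id))     # same id, changed content
    return requests                                    # unchanged policies are silent


# Constructed sample: the second generation changes the schedule capability's
# mode, adds the Budget Lines customization and drops the project plan capability.
PREVIOUS_POLICIES = {
    "cap-or3-schedule-read": ("42", "14-06 Schedule", "read", "Permit"),
    "cap-or3-plan-write": ("42", "08-12 Project plan", "write", "Permit"),
}
NEW_POLICIES = {
    "cap-or3-schedule-read": ("42", "14-06 Schedule", "write", "Permit"),
    "cap-or3-budget-read": ("42", "Budget Lines", "read", "Permit"),
}
```

Keying on a stable PolicyId is what lets a changed capability be reported as a modify rather than as a delete followed by an add; without it, the PDP would briefly cancel and then re-deploy every regenerated rule.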
B. Policy Decision Point
The PDP's architecture is shown in Fig.11. There are two
main modules: the policy analysis module and the component
configuration mapper. The policy analysis module has to
perform a variety of validation checks.
First, it verifies the syntax of the policy specification
provided by a PIE. The module then verifies that the newly
received policies are consistent with the currently applied
rules (coming from the policy status base). A set of policies
is consistent if it can be shown that no contradictory policies
will ever be found in a SIM system. The user will be able to
choose the system behavior when a conflict is detected. For the
moment, the old rules derived from the previous policy are
canceled when a newly received policy contradicts the applied
rules.
The policy analysis module communicates with a “policy
rules status” database, which stores the newly received
policies and their current status (in progress, not applicable,
by-passed, enforced, removed, ...). In addition, the module
should detect rules that cannot be enforced due to the lack of
a suitable PEP. As a consequence, a PDP should be aware of the
different managed PEPs.
For this reason, the PDP agent is assisted by a Facilitator
agent. This agent manages the network topology by retrieving
PEP agents according to their location (devices registered
with an IP address or MAC address) or according to the actions
they can apply and their type (firewall, fileserver, etc.). For
this, the Facilitator uses white pages and yellow pages
services.
Figure 11: Policy Decision Point architecture
The Component Configuration Mapper must state in detail
which kind of actions need to be taken by which kind of
network devices/applications. This module receives high-level
policies and generates policies in a generic format for each
type of PEP (router, firewall, IDS, ...). For that, it asks the
Facilitator to determine which PEPs are impacted by the policy
update, by mapping the set of possible actions to the
capabilities of the current network components.
If some rules are not applicable, the Component
Configuration Mapper notifies the policy analysis module,
which updates the policy rules status: problematic rules are
passed over, and their status in the “policy status” database
changes from “in progress” to “by-passed”. The applicable
policies are then sent to the concerned PEPs.
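The PDP behaviour described in this section, as an added example (not SIM's code): a policy analysis step that checks syntax, cancels applied rules contradicted by a newly received policy and keeps the policy rules status database; a Facilitator with white and yellow pages; and a component configuration mapper that marks rules with no suitable PEP as by-passed. The mapping from a policy's resource kind to a device type, the decision to apply the newer policy after canceling the old rules, and all agent names, addresses and action names are assumptions of this example.

```python
"""PDP of the SIM agent-based deployment (added example, not SIM's code)."""
from dataclasses import dataclass

# Assumption of this example: which device type acts on which kind of resource.
RESOURCE_KIND_TO_DEVICE = {"file": "fileserver", "network": "firewall"}


@dataclass(frozen=True)
class Policy:
    """Abstract policy as received from the PIE; fields mirror the XACML target."""
    policy_id: str
    subject: str
    resource: str
    resource_kind: str   # "file" or "network" (example assumption)
    action: str          # e.g. "read", "write", "block"
    effect: str          # "Permit" or "Deny"


class Facilitator:
    """White pages: agent name -> address. Yellow pages: agent name -> (type, actions)."""

    def __init__(self):
        self.white_pages = {}
        self.yellow_pages = {}

    def register(self, name, address, device_type, actions):
        self.white_pages[name] = address
        self.yellow_pages[name] = (device_type, frozenset(actions))

    def find(self, device_type, action):
        """PEP agents of the given type that registered the given action."""
        return sorted(name for name, (kind, acts) in self.yellow_pages.items()
                      if kind == device_type and action in acts)


def check_syntax(policy):
    """Minimal syntactic validation of a policy specification from a PIE."""
    return (all((policy.policy_id, policy.subject, policy.resource, policy.action))
            and policy.resource_kind in RESOURCE_KIND_TO_DEVICE
            and policy.effect in ("Permit", "Deny"))


def contradicts(new, applied):
    """Two policies conflict when they target the same triple with opposite effects."""
    same_target = ((new.subject, new.resource, new.action)
                   == (applied.subject, applied.resource, applied.action))
    return same_target and new.effect != applied.effect


class PolicyDecisionPoint:
    def __init__(self, facilitator):
        self.facilitator = facilitator
        self.applied = {}   # policy_id -> Policy currently applied (policy status base)
        self.status = {}    # policy rules status database: policy_id -> status

    def receive(self, policies):
        """Policy analysis followed by component configuration mapping.
        Returns a dict PEP name -> list of policy ids to send to that PEP."""
        dispatch = {}
        for policy in policies:
            if not check_syntax(policy):
                self.status[policy.policy_id] = "not applicable"
                continue
            # Consistency check: the paper cancels the old rules a new policy
            # contradicts; applying the newer policy afterwards is this example's choice.
            for old_id, old in list(self.applied.items()):
                if contradicts(policy, old):
                    del self.applied[old_id]
                    self.status[old_id] = "removed"
            self.status[policy.policy_id] = "in progress"
            # Component configuration mapper: ask the Facilitator which PEPs can apply it.
            device_type = RESOURCE_KIND_TO_DEVICE[policy.resource_kind]
            peps = self.facilitator.find(device_type, policy.action)
            if not peps:
                self.status[policy.policy_id] = "by-passed"   # no PEP able to enforce it
                continue
            for pep in peps:
                dispatch.setdefault(pep, []).append(policy.policy_id)
            self.applied[policy.policy_id] = policy
        return dispatch


if __name__ == "__main__":
    # Constructed run: one fileserver PEP registered, no firewall PEP.
    facilitator = Facilitator()
    facilitator.register("pep-files-1", "192.0.2.10", "fileserver", {"read", "write"})
    pdp = PolicyDecisionPoint(facilitator)
    print(pdp.receive([Policy("p1", "42", "14-06 Schedule", "file", "read", "Permit"),
                       Policy("p2", "42", "192.0.2.0/24", "network", "block", "Permit")]))
    print(pdp.status)
```

The status database is what makes a by-passed rule visible: a policy that reaches no PEP is recorded as such instead of being silently dropped, which is the condition the later audit work has to detect.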
C. Policy Enforcement Point
A PEP agent must manage each device that is part of SIM’s
technical layer. Agents are specific to the kind of device or
the kind of services that the device offers: a PEP is specific
in order to know how to transform policies represented in an
abstract format (XACML [23] in our case) into applicable scripts
or rules. Fig.12 shows the PEP's architecture. A PEP is composed
of three modules, referred to as monitoring, observation and
enforcement.
The monitoring module controls the PEP's actions and stores
all relevant actions/events. It receives the abstract policy
from the PDP and chooses which action and parameters must be
executed to apply the policy. Then, the enforcement module
launches the appropriate local action mechanism by applying
the selected script. The progress of the operations can be
reported to the observation module. This last module performs
measurements, periodically or during a script execution, to
evaluate the current state of the PEP. It is also the module
through which an audit can be done, by sending feedback to the
Audit Correlation Engine (ACE).
Figure 12: Policy Enforcement Point architecture
Let us take the policy example from Fig.9 permitting the
user “42” to read the resource “14-06 Schedule”. The PEP
interfacing with a UNIX-like fileserver has registered the
“chmod” action, so it will construct the script to execute from
elements of the policy: the permission to read is transformed
into '+r'. If we consider that user “42” is not the owner of
the file, the command to execute will be “chmod a+r 14-06
Schedule”, and the enforcement module of the PEP will execute
it. The observation module will then perform measurements and
feed back information concerning the fileserver rules. In this
particular case and for this resource, it will send back a
policy saying that all users are permitted to read the “14-06
Schedule” resource, and not only user “42”.
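The fileserver PEP of this example written out as added Python (not SIM's agent): the monitoring module turns the policy into the chmod a+r script, the enforcement module applies it, and the observation module reads the resulting mode back and reports the rule actually in force, which grants read access to every user rather than only to user 42. os.chmod is used in place of launching /bin/chmod so the example runs in-process on a constructed temporary file; the wider_than_requested check stands in for the comparison the Audit Correlation Engine would make.

```python
"""Fileserver PEP modules (added example, not SIM's agent)."""
import os
import stat
import tempfile

# Bits that 'a+r' / 'a+w' add: the right for owner, group and others.
MODE_BITS = {
    "r": stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH,
    "w": stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH,
}


def monitoring_select_script(policy):
    """Monitoring module: choose the action and its parameters for an abstract policy.
    This PEP registered only the chmod action, so only permitted read/write
    capabilities on a file can be translated."""
    if policy["effect"] != "Permit" or policy["action"] not in ("read", "write"):
        raise ValueError("fileserver PEP cannot enforce %r" % (policy,))
    # The subject is not assumed to be the file's owner, so the 'a' (all users)
    # class is the only one through which chmod can grant the right.
    return ["chmod", "a+" + policy["action"][0], policy["resource"]]


def enforcement_apply(argv, directory):
    """Enforcement module: apply the selected script. os.chmod stands in for
    launching /bin/chmod; 'a+<bit>' sets that bit for owner, group and others."""
    command, spec, resource = argv
    if command != "chmod" or not spec.startswith("a+"):
        raise ValueError("unexpected script %r" % (argv,))
    path = os.path.join(directory, resource)
    mode = stat.S_IMODE(os.stat(path).st_mode) | MODE_BITS[spec[2]]
    os.chmod(path, mode)
    return mode


def observation_feedback(resource, directory):
    """Observation module: measure the file and report the read rule in force."""
    mode = stat.S_IMODE(os.stat(os.path.join(directory, resource)).st_mode)
    if mode & stat.S_IROTH:
        readers = "all users"
    elif mode & stat.S_IRGRP:
        readers = "owner and group"
    elif mode & stat.S_IRUSR:
        readers = "owner only"
    else:
        readers = "nobody"
    return {"resource": resource, "action": "read", "subject": readers, "mode": mode}


def wider_than_requested(policy, feedback):
    """What an audit would flag: the subject set in force is not the one requested."""
    return feedback["subject"] != policy["subject"]


def deploy(policy, directory):
    """Full PEP cycle for one policy: select, enforce, observe."""
    argv = monitoring_select_script(policy)
    enforcement_apply(argv, directory)
    return argv, observation_feedback(policy["resource"], directory)


def demo():
    """Constructed run: a private file and the Fig.9-style policy for user 42."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "14-06 Schedule")
    open(path, "w").close()
    os.chmod(path, 0o600)   # initially readable by the owner only
    policy = {"subject": "42", "resource": "14-06 Schedule", "action": "read", "effect": "Permit"}
    argv, feedback = deploy(policy, directory)
    return argv, feedback, wider_than_requested(policy, feedback)
```

The feedback is the useful part: chmod cannot express "user 42 only", so the rule in force is broader than the policy, and only the observation module reporting the real state lets the PDP or an auditor notice the difference.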
To summarize, the use of a multi-agent system framework
gives PIE, PDP and PEP the ability to cooperate and
communicate among themselves in order to implement
policies. It also provides flexibility, openness and
heterogeneity: when we decide to add a new PEP, we just have
to provide an agent able to concretely apply the policies.
IV. CONCLUSION AND FUTURE WORK
This paper introduces the SIM approach, an innovative
environment for defining and deploying policies in a
heterogeneous environment. SIM facilitates rights
management by using a process approach based on business
goals. This business-oriented approach is supported by the
combined use of ISO/IEC 15504 and identity management
concepts. The set of policies resulting from this engineering
can be deployed using a multi-agent system: agents collaborate
in order to send abstract policies to each device concerned,
and to transform and implement them concretely on each system
by executing scripts on a fileserver or adding rules to a
firewall. This solution provides heterogeneity, flexibility
and openness thanks to the Facilitator registering agents and
to the common abstract policy format used between agents.
Agents deploy common rules, but the administrator can still
modify system configurations directly.
Current and future work will focus on enhancing the
approach in the following domains shown in Fig.1: “Policy
Audit” and “Policy Transformation”. Concerning “Policy Audit”,
in order to avoid a gap between the organisational point of
view and the system configuration point of view, we plan to
give agents the ability to audit their system by feeding back
the deployed policies, to be compared with the policies coming
from the engineering activities. Deeper work on “Policy
Transformation” will also be conducted in order to develop a
policy deduction strategy from the organisational layer to the
technical one.
Future work will also be concerned with the communication
between agents and how to make it secure. We plan to use the
JADE framework, which uses FIPA-ACL messages. The main
attributes are the sender, the receiver, the language and the
protocol used, and the content of the message. We have to
choose the language and then define the protocol that the
agents will follow in order to deploy a set of policies and to
audit applied rules. Next, we will improve the message
structure by adding certificate information as in [31] in order
to fill the security gap.
ACKNOWLEDGMENT
SIM “Secure Identity Management” is an R&D project of
the CRP Henri Tudor developed in collaboration with the
University of Luxembourg and funded by the National
Research Fund Luxembourg.
REFERENCES
[1] D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn and R.
Chandramouli, “Proposed NIST standard for role-based access control”,
ACM Transactions on Information and System Security, Vol. 4, No. 3,
August 2001, Pages 224-274.
[2] J. Park, R. Sandhu, “Originator control in usage control”, Policy 2002:
IEEE 3rd International Workshop on Policies for Distributed Systems
and Networks, Monterey, California, U.S.A.
[3] J. Park, R. Sandhu, “Towards usage control models: beyond traditional
access control”, SACMAT’02, June 3-4, 2002, California, USA.
[4] R. K. Thomas, “Team-based access control (TMAC): a primitive for
applying role-based access controls in collaborative environments”,
RBAC '97: Proceedings of the second ACM workshop on Role-based
access control, 1997.
[5] A. Abou El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens,
et al., “Organization based access control”, IEEE 4th International
Workshop on Policies for Distributed Systems and Networks (Policy
2003), Lake Como, Italy, June 4-6, 2003.
[6] A. I. Antón, J. B. Earp, “Strategies for developing policies and
requirements for secure electronic commerce systems”, 1st Workshop on
Security and Privacy in E-Commerce at CCS2000.
[7] P. Samarati, S. De Capitani di Vimercati, “Access control: policies,
models, and mechanisms”, IFIP WG 1.7 Int’l School on Foundations of
Security Analysis and Design (FOSAD 2000), LNCS 2171, pp. 137-196,
2001.
[8] R. Crook, D. Ince, B. Nuseibeh, “Modelling access policies using roles
in requirements engineering”, Information and Software Technology 45
(2003) 979-991.
[9] N. Dulay, E. Lupu, M. Sloman, N. Damianou, “A policy deployment
model for the Ponder language”, extended version of the paper in Proc.
IEEE/IFIP International Symposium on Integrated Network
Management (IM’2001), Seattle, May 2001, IEEE Press.
[10] Basel Committee on Banking Supervision, “International convergence of
capital measurement and capital standards”; BIS; Basel, June 2004.
[11] C. Camerer, “Redirecting research in business policy and strategy”,
Strategic Management Journal, Vol. 6, No. 1 (Jan.-Mar. 1985), pp. 1-
15.
[12] D. Marriott and M. Sloman, “Implementation of a management agent for
interpreting obligation policy”, IFIP/IEEE 7th International Workshop on
Distributed Systems Operations and Management (DSOM), 1996.
[13] R. J. Witty, A. Allan, J. Enck, R. Wagner, "Identity and access
management defined", Publication Date: 4 November 2003, Gartner
Research.
[14] Official eGroupWare community website, http://www.egroupware.org,
December 5, 2007.
[15] C. Feltus and A. Rifaut, “An ontology for requirements analysis of
managers’ policies in Financial Institutions”, I-ESA07, 2007.
[16] R. S. Savén, Process modelling for enterprise integration: review and
framework, 13th International Working Seminar on Production
Economics, Igls/Innsbruck, Austria, February 18-22, 2002.
[17] CEN/ENV 12204: Advanced manufacturing technology - Systems
architecture - Constructs for enterprise modelling, CEN TC 310/WG1,
1996.
[18] ISO/IEC 15504, “Information Technology – Process assessment”, (parts
1-5), 2003-2006.
[19] Md. Zabid A. Rashid, M. Sambasivan, J. Johari, “The influence of
corporate culture and organisational commitment on performance”,
Journal of Management Development, ISSN 0262-1711, Vol. 22, issue
8, pp. 708-728.
[20] J. G. March and J. P. Olsen, The logic of Appropriateness, ARENA
Working Papers WP 04/09.
[21] J-P. Briot and Y. Demazeau, “Principes et architectures des systèmes
multi-agents”, Hermès-Lavoisier, 2001.
[22] N. R. Jennings and M. J. Wooldridge, “Applications of intelligent
agents”, Agent Technology Foundations, Applications, and Markets,
Springer-Verlag, 1998.
[23] S. Godik, T. Moses, et al, “eXtensible Access Control Markup Language
(XACML) Version 1.0”, OASIS Standard, February 18th, 2003.
[24] ISO 9000:2005, Quality management systems - Fundamentals and
vocabulary.
[25] eXtensible Access Control Markup Language (XACML) homepage,
http://xml.coverpages.org/xacml.html, December 12, 2007.
[26] XACML 2.0 Specifications, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=xacml#XACML20,
December 12, 2007.
[27] Organization for the Advancement of Structured Information Standards
(OASIS) homepage, http://www.oasis-open.org/home/index.php,
December 12, 2007.
[28] D. Durham, J. Boyle, R. Cohen, S. Herzog, R. Rajan, A. Sastry, “The
COPS (Common Open Policy Service) protocol”, IETF RFC 2748,
January 2000.
[29] R. Enns, “NETCONF configuration protocol”, IETF RFC 4741,
December 2006.
[30] D. Harrington, R. Presuhn, B. Wijnen, “An architecture for describing
Simple Network Management Protocol (SNMP) management
frameworks”, IETF RFC 3411, December 2002.
[31] P. Novák, M. Rollo, J. Hodík and T. Vlcek, “Communication security
in multi-agent systems”, Multi-Agent Systems and Applications III,
Lecture Notes in Computer Science 2691, pp. 454-463, 2003.