This document discusses the importance of effective communication in organizations and some best practices. While technologies allow for information sharing, effective communication requires clear meaning and feedback. Corporate communications should be concise, avoid jargon, state the topic and reference previous discussions. Feedback is important to ensure shared understanding. Communication must flow two ways, and organizations risk overload without filtering irrelevant information. Clear, concise ideas that avoid ambiguity help facilitate understanding between individuals and groups.
Ms 425 electronic banking and it in banks (1) - smumbahelp
This document provides information about obtaining fully solved assignments for the course "Electronic Banking and IT in Banks". It lists the course code, title, assignment number and coverage. It provides contact information for an email address and phone number to request assignments. It also provides 5 questions related to the course topics and detailed answers to each question.
Managing Social Media Risks for Municpalities - Dan Michaluk
The document discusses social media use and risks for municipalities and their employees. It outlines how off-duty employee speech on social media could negatively impact employers if it affects other employees, job performance, or the organization's reputation. The document recommends municipalities create two policies: one to guide all employees on social media use and another to license certain employees to officially communicate on behalf of the municipality. It also addresses how municipalities should handle situations where current employees are targets of negative online comments to protect workplace safety and reputation while avoiding defamation lawsuits.
Brenda, an employee, expressed frustration about her boss John on Facebook. She said he talks down to employees and lacks knowledge. Can John fire Brenda for her Facebook post? Probably not, as criticism of working conditions and a supervisor by multiple employees is protected concerted activity under the National Labor Relations Act. However, protections are narrow and only apply if the social media activity relates to improving working conditions, not just personal complaints. Employers can have social media policies but they cannot be too broad and must not limit protected concerted activities.
- Global Finance Inc. (GFI) is a financial company experiencing growth and expanding into new markets. It employs over 1,600 employees across multiple countries.
- The company has experienced several cyber attacks in recent years compromising the confidentiality, integrity and availability of its data and systems.
- As Computer Security Manager, you must propose solutions to strengthen GFI's authentication, network security and data protection to address the CEO's concerns about risks from mobility, wireless access, and moving to cloud computing and online services.
Bluedog Rescues the FTC - eWeek Magazine 103006 - tom termini
The Federal Trade Commission (FTC) was suffering from a botched upgrade of the Identity Theft and Do Not Call systems. Bluedog's crack team of technologists implemented a service oriented architecture to modernize the legacy big data systems, as well as provide links to the CRM in call centers, local and federal law enforcement, and build a conduit for sharing data via XML. All for a low cost, in record time, and with Java-based WebObjects technology from Apple.
The document discusses security issues related to cloud computing. It identifies three main areas of concern: security and privacy of data, compliance with regulations, and legal/contractual issues. It provides checklists of specific security topics and concerns to evaluate for each area when considering adopting cloud services, such as data protection, identity management, business continuity, and liability. The goal is to help users properly assess cloud providers' security practices to protect their data and investments in the cloud.
2012 01 24 Report of the Acting General Counsel concerning social media cases - Krishna De
For further information go to:
http://www.nlrb.gov/news/acting-general-counsel-issues-second-social-media-report
For a curated summary relating to the NLRB Costco ruling visit:
http://storify.com/krishnade/costco-national-labor-relations-board-ruling-affec
http://bgn.bz/costco
This document discusses the challenges of regulating electronic contracts and transactions in Tanzania's legal system. As business and activities increasingly move online, laws have not kept pace, particularly in developing countries. Determining consent when e-agents or software programs are involved in contracts has become an issue. The book aims to explain the view of traditional contracts transitioning to digital transactions under Tanzania's new Electronic Transaction Act of 2015, specifically regarding the role of e-agents.
Jeremy works for a government employer and uses his personal computer at work. While the employer has a policy prohibiting personal internet usage, Jeremy has been visiting pornographic websites. This could expose the employer to liability for sexual harassment if a colleague complains. As a government employee, Jeremy has some expectation of privacy for personal belongings at work, but the employer also has rights to monitor electronic communications and search without a warrant if policies are violated or laws broken. The employer should consider blocking pornographic sites and prohibiting personal computer use at work to prevent these issues.
Electronic Evidence - The Special Case of Email - Dan Michaluk
This document discusses challenges related to email in litigation. It addresses managing email retention on corporate servers, locating emails within and outside corporate networks, accessing emails, including on employer systems and mobile devices, and proving the authenticity of emails. Key issues explored include retention policies, accessing employee emails, proving authentic versus fabricated emails, and authenticating cloud-based communications from various applications and providers.
Energy Audit Retrofit Contract Legalities Pittfalls - Amy Shriner
This document discusses legal issues related to social media use by employers and employees. It outlines various risks including damage to reputation, liability, disclosure of confidential information, and disputes over ownership of social media accounts. The document also examines potential legal claims involving discrimination, privacy concerns, National Labor Relations Act issues, and intellectual property. It emphasizes the importance of preserving social media evidence and complying with industry regulations regarding document retention.
Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across North America and employs over 1,600 people. As the Computer Security Manager, you are responsible for protecting GFI's information systems and data. However, the CEO believes IT can be outsourced to cut costs, leading to budget and staff cuts that concern the COO. You must address security issues to convince the CEO of the value an internal IT department provides.
Erkan Kahraman, Chief Trust Officer at Projectplace, gave a presentation on cloud services and security. He discussed Projectplace's security program and ecosystem which covers all aspects of cloud risks. Top customer concerns with cloud include legislation, privacy, security, and data ownership. The chief threats to cloud security are data breaches, loss, and account hijacking. Security measures discussed included encryption, access control, and monitoring. Ensuring customer trust requires considering location of data, terms of service, retention policies, and other factors. Government access to data varies by country and transparency reports provide some insight into requests.
Embellished résumé transcript[music playing]you are the ethics - modi11
King lied about having an MBA on her resume when she was hired 10 years ago. She has since received promotions and excellent performance reviews. However, an MBA is now required for her current senior vice president position. The ethics officer must analyze the situation using Badaracco's Right vs Right framework and consider the legal implications of resume fraud to make a recommendation. Legally, resume fraud provides justification for termination as an at-will employee. However, King has a record of success and the company would not want to lose her. The ethics officer recommends allowing King to retain her position given her past performance but issuing a written warning, and revising hiring policies to prevent similar situations.
Outsourcing business processes raises risks that companies can mitigate. Recent security breaches at third-party contractors show these risks, from identity theft to disrupted operations. Companies are addressing risks by having service providers incorporate tighter security checks and audits, and by monitoring outsourced work more closely in real-time. Risks include operational failures, strategic threats like intellectual property theft, and loss of in-house skills. Companies must understand interdependencies and focus on weakest links, while service providers must work closely with clients to implement best practices across extended organizations. Countries that rely on outsourcing can also help by strengthening legal protections.
Identity REvolution multi disciplinary perspectives - Karlos Svoboda
The identity [r]evolution is happening. Who are you, who am I in the information society?
In recent years, the convergence of several factors – technological, political, economic – has accelerated a fundamental change in our networked world. On a technological level, information becomes easier to gather, to store, to exchange and to process. The belief that more information brings more security has been a strong political driver to promote information gathering since September 11. Profiling intends to transform information into knowledge in order to anticipate one’s behaviour, or needs, or preferences. It can lead to categorizations according to some specific risk criteria, for example, or to direct and personalized marketing. As a consequence, new forms of identities appear. They are not necessarily related to our names anymore. They are based on information, on traces that we leave when we act or interact, when we go somewhere or just stay in one place, or even sometimes when we make a choice. They are related to the SIM cards of our mobile phones, to our credit card numbers, to the pseudonyms that we use on the Internet, to our email addresses, to the IP addresses of our computers, to our profiles… Like traditional identities, these new forms of identities can allow us to distinguish an individual within a group of people, or describe this person as belonging to a community or a category.
Vint big data research privacy technology and the law - Karlos Svoboda
This document discusses privacy issues related to big data. It begins by describing how organizations use big data to target customers for marketing purposes, but often do so without transparency around what customer data is being collected and how it is used. This can undermine customer trust and privacy. The document advocates for transparency, choice, and an approach called "Privacy by Design" to help address privacy concerns while enabling the benefits of big data. It also examines the complex legal and technical challenges around privacy as data practices continue to evolve rapidly. The overall goal is to develop solutions that respect individual privacy and allow both individuals and organizations to benefit from big data.
The document defines and provides examples for several words related to concepts like abstraction, compliance, expediting tasks, diligence, relevance, dissent, reverence, extolling, reprehensible actions, advocacy, pragmatism, endorsement, redundancy, conspicuousness, incessance, rigor, scrutiny, and discord.
The document describes the NOEMI assessment methodology, which was developed as part of a research project to help very small enterprises (VSEs) improve their IT practices. The methodology aims to assess VSEs' IT capabilities in order to facilitate collaborative IT management across organizations. It was designed to be aligned with common IT standards like ISO/IEC 15504 and ITIL, but adapted specifically for VSEs. The methodology has been tested through several case studies with VSEs in Luxembourg, with promising results.
If you’re having trouble finding the time and energy to market your business, it may be your habits are to blame! You can’t grow your business if you aren’t marketing consistently and putting yourself in front of people who are already looking for your solutions. And you can’t market consistently if you have poor time management and productivity habits. What you CAN do is make simple shifts in your mindset to break through these challenges and make progress in reaching your goals. In this week’s podcast, I share some simple ways you can change your habits to find more time for marketing.
This document proposes an innovative systemic approach to risk management across interconnected sectors. It suggests using enterprise architecture models to manage cross-sector risks in Luxembourg's complex ICT ecosystem. The approach would provide regulators an overview of all players and systems, as well as models of different sectors to analyze collected data and risks at a national level, fostering accurate and reactive risk mitigation across economic domains.
This document discusses the different types of "si clauses" or conditional sentences in French. There are three main types: first conditional for likely present or future situations, second conditional for unlikely past situations, and third conditional for impossible past situations. Examples of each type are provided along with their English equivalents using "if...then". A quiz with 15 example sentences follows to test understanding of the different conditional structures.
The document describes the evolution of Amazon's Kindle e-reader devices over time from 2007 to 2011. It notes the year of release and key features of each generation, including display sizes from 6 to 9.7 inches, storage capacities from 2GB to 8GB, and battery life ranging from 1 week to 2 months depending on WiFi usage. It also covers the introduction of new technologies like E Ink Pearl displays, text-to-speech, 3G connectivity, and the first Kindle Fire tablet in 2011 with a color touchscreen but no 3G, camera, or SD card slot.
The document provides an overview of how search engines like Google work. It explains that search engines use web crawlers or spiders to index websites by following links and reading content and metadata. The spiders return this information to be indexed. When a user searches, the search engine checks its index rather than searching the entire web. Google in particular runs on thousands of computers to allow parallel processing. It uses Googlebot to fetch pages from the web and an indexer to store words and links from pages in a database. It then uses a query processor to match searches to relevant indexed pages based on factors like page popularity, position of search terms, and how pages link to each other.
This document presents the results of an opinion poll conducted in Metropolitan Lima in August 2010. The poll measured voting preferences for the Lima mayoralty without the candidacy of Alex Kouri, finding that Lourdes Flores would be the favorite with 41.4% of voting intention, followed by Susana Villarán with 17.5%. The poll also included technical information such as the sample size and methodology, the districts included, and the company
The document discusses an organization, LGN International, that uses two websites - one for accessing products and one for accessing the business. Users have two back offices, two affiliate links, and two locations for new customers and associates to sign up depending on if they are a retail customer or independent associate.
This presentation reports on the Osterlandgymnasium secondary school, where Elke Kolodzy teaches Russian and takes part in the video conferences with her group.
This PPT belongs to Elke Kolodzy.
This document proposes an automatic reaction strategy for critical infrastructure SCADA systems. It defines a three-layer metamodel for modeling SCADA components and two types of policies (cognitive and permissive) that govern component behavior. It then presents a two-phase method for identifying these policies from the SCADA architecture and formalizing them to support an automatic reaction strategy. This strategy is modeled as an integral part of the SCADA architecture using the defined metamodel and policy identification method. It includes organizational and application layers with main actors, strategies, and components that realize the reaction policies based on expected automation levels.
This document provides guidance on giving effective presentations in English. It discusses setting goals and choosing a title for the presentation. The document then covers planning the presentation, preparing the content, and establishing a thesis statement. Examples are given of an effective thesis statement and how to stay focused during the presentation. The document concludes by noting that next steps include final presentations and peer review/evaluation.
The document provides an overview of Arduino labs and training. It discusses that Arduino is low-cost, easy to use, and open-source. The initial labs focus on basics like blinking LEDs and serial communication. Later labs introduce more complex devices and integrating multiple devices. The training covers basic programming, communication between devices, and creating real-life applications. Materials required include an Arduino board, computer, power supply and cables. Installation involves downloading the Arduino software and selecting the correct board and port.
Methodology to align business and it policies use case from an it company christophefeltus
This document proposes a methodology for aligning business and IT policies using a responsibility model. The methodology is a five-step approach consisting of collecting information, defining capabilities, accountabilities and commitments, linking responsibilities to processes, validating the model, and defining policies. It is illustrated with a case study from an IT company where they define an access control policy using this methodology and responsibility model. The responsibility model defines three components - capabilities, accountabilities, and commitments - to clarify roles and responsibilities for policy definition.
This document discusses challenges with access rights management for information systems due to growing complexity from distributed systems and dynamic environments. It proposes an agent-based framework called SIM that focuses on aligning access policies with business objectives by linking them to processes and responsibilities defined in the ISO/IEC 15504 standard. The goals are to define policies based on business needs and automatically deploy them through IT infrastructure using a multi-agent system architecture.
An agent based framework for identity management the unsuspected relation wit... christophefeltus
The document discusses access rights management in information systems and proposes an innovative approach. It aims to better align access policies with business objectives by linking them to organizational processes and responsibilities. The approach uses concepts from the ISO/IEC 15504 process assessment standard to define policies based on processes, outcomes, roles and responsibilities. It then proposes a multi-agent system to automate deployment of access policies across IT systems and devices in a flexible way. The approach seeks to improve on existing identity management solutions which can be rigid and difficult to integrate across organizations.
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates concepts from the business and technical layers, with the concept of employee responsibility bridging the two. It incorporates four types of obligations from the COBIT framework to refine employee responsibilities and better assign access rights. ReMoLa maps responsibilities to roles in the RBAC model to leverage its advantages for access right management while ensuring responsibilities align with business tasks and employee commitment.
Re mola responsibility model language to align access rights with business pr... christophefeltus
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates both business and technical perspectives to bridge the gap between them. It uses the concept of employee responsibilities to link business obligations to the technical capabilities and access rights needed to fulfill those obligations. The meta-model includes concepts like responsibilities, obligations, accountabilities, capabilities, and rights. It also maps these concepts to the four types of obligations from the COBIT framework to better define employee responsibilities and access rights assignments based on real needs.
- Business communication has become inefficient due to communication overload from too many messaging channels, lack of accountability when people don't respond to messages, and fragmentation of information across different apps.
- To address these issues, the document recommends adopting an enterprise social network that integrates messaging, file sharing, tasks, and social features into one centralized place to reduce overload and fragmentation while increasing accountability. It also warns against relying on multiple best-of-breed apps that scatter corporate knowledge and data across various services.
This document discusses ethics for IT workers and users. It begins by defining a profession and the criteria to be considered a professional according to US law. While IT workers are considered part of the professional services industry, they are not legally recognized as professionals. The document then discusses seven forces changing professional services like increased client sophistication and globalization. It also covers the relationships and responsibilities IT workers have with employers, clients, suppliers, other professionals, users, and society.
BBA 3551, Information Systems Management 1 Course Lea.docx aryan532920
BBA 3551, Information Systems Management 1
Course Learning Outcomes for Unit VIII
Upon completion of this unit, students should be able to:
3. Examine the importance of mobile systems and securing information and knowledge.
Reading Assignment
Chapter 12:
Information Security Management
Unit Lesson
In the last unit, we discussed outsourcing, the functions and organization of the IS department, and user
rights and responsibilities. In this final unit, we will focus on security threats to information systems.
PRIDE and System Security
PRIDE processes privacy settings on the server and returns a code that indicates which of the four privacy
levels defined for PRIDE governs a particular individual with a particular report/data requestor. Because the
settings are processed on the server, they are not exposed to the Internet. The return code, however, is
exposed, and the operational system should probably use HTTPS both for the code and to return the report.
This was not done in the prototype, though.
The relationship between patients and PRIDE participants is N:M. One patient has potentially many
organizations, and an organization has potentially many patients. What this means is that a patient has a
relationship, potentially, to many participants of a given type: many doctors, many health clubs, many
insurance companies, and even many employers. In addition, a patient has a relationship to, potentially, many
types of participants.
Given the N:M relationships, a natural place to put privacy settings is in the intersection table. That table
serves, intuitively, as an opacity filter between a given patient and a given doctor (or other
person/organization).
The tension in the dialog between Maggie and Ajit at the beginning of Chapter 12 regarding what terminology
to use with Dr. Flores is intended to set up a discussion from both perspectives. It is a common problem for
techies when talking with business professionals: How much technical language should I use? It is important
to use enough to demonstrate competency, but not so much as to drown the businessperson in terminology.
Using the Ethics Guide: Securing Privacy
In this chapter, we discuss three categories of criteria for evaluating business actions and employee
behaviors:
- legal
- ethical (categorical imperative or utilitarianism)
- good business practice
UNIT VIII STUDY GUIDE
Information Security Management
We can clearly see the differences in these criteria with regard to data security. A doctor’s office that does not
create systems to comply with HIPAA is violating the law. An e-commerce business that collects customer
data and sells it to spammers is behaving unethically (by either ethical perspective). An e-commerce business
that is lackadaisical about securing its customers' data is engaging in poor business practices.
Even still, business professionals today need t ...
2-pager leaflet How well do understand your clients environment - PhD proposa... Ir. Jos Geskus EMITA
This document summarizes Jos Geskus' PhD proposal on applying principles of Enterprise Engineering to auditing. It discusses how understanding clients as complex social systems is key for auditors. Technological advances like cloud computing increase complexity, requiring methods to reduce complexity and identify significant parts. Enterprise Engineering uses Enterprise Ontology, Architecture, and Governance as pillars. The proposal aims to develop tools using Enterprise Ontology to better understand clients' enterprises and improve audit quality.
Social Media in the Workplace
Linky Trott
Abstract
There is no doubt that most businesses use social media and collaboration tools
such as social business software of some kind or another and embrace the
benefits that these can bring. In a 2009 global Manpower survey, businesses
identified the main benefits of using social media as: brand building, fostering
collaboration and communication, a way of recruiting new talent, improving
employee engagement and driving innovation.
But there are also risks. This article examines the main legal risks that can arise
in the workplace as between a business and its workforce and considers how
the Courts and Tribunals are responding to social media issues arising in the
workplace.
Introduction
If a business has a concern about the use of social media, a blanket ban is
clearly an option. Whilst that may feel like the most simple approach, it is
unlikely to be practical. Even as far back as 2009, the Manpower survey
observed that “the younger generation consider social media tools as a
Biography
Linky Trott is a Partner at law firm, Edwin Coe. She provides day to day advice on a
comprehensive range of employment issues for established corporate clients including
the negotiation and provision of strategic advice on severance arrangements, bullying
and harassment claims, the management of ill health and capability dismissals, dealing
with allegations of discrimination, collective redundancies and Board disputes.
Linky also undertakes High Court injunctive work to enforce or resist post termination
restraints and the protection of confidential information. Working with Senior
Executives and Board Directors, Linky regularly advises and helps to negotiate terms
of Executive service agreements to include bonus schemes, guaranteed payments and
share options in regulated and non regulated industries. She has provided strategic
advice on a number of successful team moves within the communications and financial
sector acting for both the poaching competitor and the individuals being approached.
Linky also advises on data protection, commercial agents and the Conduct of
Employment Businesses and Employment Agency issues.
Linky sits on the Employment Committee of the Law Society and is Chair on the In and
Around Covent Garden Business Forum. She is also a member of the Employment
Lawyers Association, and has appeared on ITV and Channel 4 commenting on
Employment Law issues arising in the news and is a regular speaker at conferences on
employment issues.
Linky Trott
Partner
Edwin Coe
Keywords Risk, Rewards, Safeguards, Recruitment, Human Rights Act 1998
Paper type Opinion
23 Credit Control
Legal Aspects
prerequisite for doing business” and with generation Y having been in the
workplace for around ten years, it is unlikely that staff will tolerate a blanket ban.
Time wasters
Employers can of course monitor an employe.
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to make access management policies closer aligned with business objectives. It does this in two ways:
1) By focusing the policy engineering process on business goals and responsibilities defined in processes, using concepts from the ISO/IEC 15504 standard. This links capabilities and accountabilities to process outcomes and work products.
2) By defining a multi-agent system architecture to automate the deployment of policies across heterogeneous IT components and devices. The agents provide autonomy and ability to adapt rapidly according to context.
The approach was prototyped using open source components and aims to improve how access rights are defined according to business needs and deployed across an organization
Sim an innovative business oriented approach for a distributed access management christophefeltus
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to define access control policies in a way that is closely aligned with business objectives. It does this by linking concepts from the ISO/IEC 15504 process-based model for organizing work to concepts of responsibility. The approach also defines a multi-agent system architecture to automate the deployment of access policies across an organization's heterogeneous IT components and devices. This provides autonomy and adaptability. The goal is to improve how access rights are defined according to business needs and how those rights are deployed throughout the IT infrastructure.
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docx budbarber38650
GLOBAL FINANCE, INC. (GFI)
Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE, GFI specializes in financial management, loan
application approval, wholesale loan processing, and investment of money management for their customers.
GFI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational
performance through automation and technological innovation has propelled the company into the big leagues; GFI
was only recently profiled in Fortune Magazine.
The executive management team of GFI:
- CEO: John Thompson
- Vice President: Trey Elway
- Executive Assistant: Julie Anderson
- Executive Assistant: Kim Johnson
- Executive Assistant: Michelle Wang
- CFO: Ron Johnson
- COO: Mike Willy
- CCO: Andy Murphy
- Director of Marketing: John King
- Director of HR: Ted Young
Figure 1 GFI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational
security of GFI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m
annual budget, a staff of 11, and a sprawling and expansive data center located on the 5th floor of the
corporate tower. This position is the pinnacle of your career – you are counting on your performance here
to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so
significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity –
that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with
creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT
from becoming a core competency since so many services can be obtained from 3rd parties. Since taking
the reins two years ago, the CEO has made significant headway in cutting your department’s
budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you:
maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s
act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology
combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a
manager to whom these obligations could be delegated. Jacobson’s worst nightmare is a situation where
the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the
company to its knees – then having to .
This document discusses 3 myths about social work: 1) Social news is not the same as social work, which is about collaboration, 2) Social tasks only address simple standalone tasks and not complex work linked to processes, 3) Social work is not different from normal work, it is about collaboration rather than socialization. The document argues social work should be integrated with normal work processes to provide context and allow knowledge sharing to improve work outcomes.
Multi-Agent System (MAS) monitoring solutions are designed for a plethora of usage topics. Existing approaches mostly use cloned back-end architectures, while the front-end monitoring interface tends to constitute the real specificity of the solution. These interfaces are recurrently structured around three dimensions: access to informed knowledge, agents’ behavioural rules, and restitution of real-time states of a specific system sector. In this paper, we propose prototyping a sector-agnostic MAS platform (Smart-X) which gathers in an integrated and independent platform all the functionalities required to monitor and to govern a wide range of sector-specific environments. For illustration and validation purposes, the use of Smart-X is introduced and explained with a smart-mobility case study.
This document provides an agenda and overview for a joint workshop on security modeling hosted by the ArchiMate Forum and Security Forum. The workshop aims to identify opportunities to improve the conceptual and visual modeling of enterprise information security using TOGAF and ArchiMate. The agenda includes introductions, a research spotlight on strengthening role-based access control with responsibility modeling, an open discussion on complementing TOGAF and ArchiMate with enhanced security modeling, and identifying next steps. The workshop purpose is to enable better security architecture decisions and drive usage of TOGAF and ArchiMate for security architecture.
Aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, the companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardized. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the paper proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate® to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realized following a design science and action design based research method and the results have been evaluated through an extended case study at the Hospital Center in Luxembourg.
This document proposes extending the HL7 standard with a responsibility perspective to better manage access rights to patient health records. It presents the ReMMo responsibility metamodel, which defines actors' responsibilities and associated access rights. The paper aims to align ReMMo with the HL7-based eSanté healthcare platform model in Luxembourg to semantically enhance access controls based on users' real responsibilities rather than just roles. It will first map concepts between the two models, then evaluate the alignment through a prototype applying inference rules.
This document presents a study that aims to develop and validate a responsibility model to improve IT governance. It analyzes concepts of responsibility from literature and frameworks like COBIT. The researchers developed a responsibility model with key concepts like obligation, accountability, right, and commitment. They then compare this model to COBIT's representation of responsibility to identify areas for potential enhancement, like adding concepts that COBIT lacks. The document illustrates how the responsibility model could be used to refine COBIT's process for identifying system owners and their responsibilities.
This document proposes a methodological approach for specifying services and analyzing service compliance considering the responsibility dimension of stakeholders. The approach includes a product model and process model. The product model has three layers: an informational layer describing service context and concepts, an organizational layer describing business rules and roles, and a responsibility dimension layer linking the two. The process model outlines steps for service architects to identify context, define concepts and rules, specify services, and analyze compliance. The approach is illustrated with an example of managing access rights for sensitive healthcare data exchange between organizations.
This document discusses integrating responsibility aspects into service engineering for e-government. It proposes a multi-layered approach including an ontological layer defining legal concepts, an organizational layer describing roles and stakeholders, an informational layer representing data structures and integrity constraints, and a technical layer representing IT components. A responsibility meta-model is also introduced to align responsibilities across these layers and facilitate interoperability between services that share data. The approach aims to ensure service compliance and manage risks associated with e-government services.
1) The document proposes a dynamic approach for assigning functions and responsibilities to agents in a multi-agent system for critical infrastructure management.
2) The approach uses an agent's reputation, which is based on past performance, to determine which agents receive which responsibilities as crisis situations change over time.
3) Assigning responsibilities dynamically based on reputation allows the system to continue operating effectively if an agent becomes isolated or has reduced capabilities during a crisis.
This document provides a preliminary literature review of policy engineering methods related to the concept of responsibility. It summarizes key access control models and discusses how they address concepts like capability, accountability, and commitment. The document also reviews engineering methods and how they incorporate responsibility considerations. The overall goal is to orient further research towards a new policy model and engineering method that more fully addresses stakeholder responsibility.
This document proposes an extension of the ArchiMate enterprise architecture framework to model multi-agent systems for critical infrastructure governance. The authors develop a responsibility-driven policy concept and metamodel layers to represent agent behavior and organizational policies across technical, application, and organizational layers. The approach is illustrated through a case study of a financial transaction processing system.
This document summarizes an experimental prototype of the OpenSST protocol for secured electronic transactions. OpenSST was developed to achieve high security, simplicity in software engineering, and compatibility with existing standards. The prototype uses OpenSST for the authorization portion of electronic payments in an e-business clearing solution. It describes the OpenSST message format and types, and discusses how OpenSST is implemented in the prototype's three-element architecture of an OpenSST proxy, reverse proxy, and server.
This document discusses the NOEMI model, a collaborative management model for ICT processes in SMEs. The model was developed by the Centre Henri Tudor and tested with a cluster of 8 partner SMEs. Key aspects of the model include defining ICT activities across 5 domains, assessing each SME's capabilities, and having an operational team manage activities for the cluster under a coordination committee. The experiment showed improved cost control, management, and partner satisfaction compared to alternatives like outsourcing or hiring individual IT staff. The research is now ready for market transfer as the successful model is adopted long-term by participating SMEs.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
This document proposes a multi-agent architecture for incident reaction in information system security. The architecture has three layers - low level interacts directly with the infrastructure, intermediate level correlates alerts and deploys reaction actions using multi-agent systems, and high level provides supervision and manages business policies. The architecture was tested for data access control and aims to quickly and efficiently react to attacks while ensuring policy compliance. The document discusses requirements like scalability, autonomy, and global supervision. It also describes the key components of alert management, reaction decision making, and policy definition/deployment to implement the architecture using a multi-agent approach.
This document proposes a metamodel for modeling reputation-based multi-agent systems using an adaptation of the ArchiMate enterprise architecture modeling framework. It describes a case study applying this metamodel to model an electrical distribution critical infrastructure system. Key elements of the metamodel include:
- Representing agents and their behaviors through policies that integrate both behavior and trust components
- Modeling trust relationships between agents using a reputation-based trust model
- Illustrating the metamodel layers and components on a system that detects weather alerts and broadcasts messages to the public through various channels like SMS or social media
The document discusses information security concerns of industry managers. A survey found that information security is the top concern of managers, even more than risks from the economy or natural disasters. While industries invest heavily in information security, most managers still trust their current security systems despite few having organizations well-adapted to new information risks. The complexity of assessing security risks is growing due to new IT capabilities, critical infrastructure developments, cloud services, and increasing cybercrime. Industries and academics must collaborate further on information security research to address these challenges.
Candidate young stellar objects in the S-cluster: Kinematic analysis of a sub... Sérgio Sacani
Context. The observation of several L-band emission sources in the S cluster has led to a rich discussion of their nature. However, a definitive answer to the classification of the dusty objects requires an explanation for the detection of compact Doppler-shifted Brγ emission. The ionized hydrogen in combination with the observation of mid-infrared L-band continuum emission suggests that most of these sources are embedded in a dusty envelope. These embedded sources are part of the S-cluster, and their relationship to the S-stars is still under debate. To date, the question of the origin of these two populations has been vague, although all explanations favor migration processes for the individual cluster members. Aims. This work revisits the S-cluster and its dusty members orbiting the supermassive black hole SgrA* on bound Keplerian orbits from a kinematic perspective. The aim is to explore the Keplerian parameters for patterns that might imply a nonrandom distribution of the sample. Additionally, various analytical aspects are considered to address the nature of the dusty sources. Methods. Based on the photometric analysis, we estimated the individual H−K and K−L colors for the source sample and compared the results to known cluster members. The classification revealed a noticeable contrast between the S-stars and the dusty sources. To fit the flux-density distribution, we utilized the radiative transfer code HYPERION and implemented a young stellar object Class I model. We obtained the position angle from the Keplerian fit results; additionally, we analyzed the distribution of the inclinations and the longitudes of the ascending node. Results. The colors of the dusty sources suggest a stellar nature consistent with the spectral energy distribution in the near and midinfrared domains. Furthermore, the evaporation timescales of dusty and gaseous clumps in the vicinity of SgrA* are much shorter ( 2yr) than the epochs covered by the observations (≈15yr). 
In addition to the strong evidence for the stellar classification of the D-sources, we also find a clear disk-like pattern following the arrangements of S-stars proposed in the literature. Furthermore, we find a global intrinsic inclination for all dusty sources of 60 ± 20°, implying a common formation process. Conclusions. The pattern of the dusty sources manifested in the distribution of the position angles, inclinations, and longitudes of the ascending node strongly suggests two different scenarios: the main-sequence stars and the dusty stellar S-cluster sources share a common formation history or migrated with a similar formation channel in the vicinity of SgrA*. Alternatively, the gravitational influence of SgrA* in combination with a massive perturber, such as a putative intermediate mass black hole in the IRS 13 cluster, forces the dusty objects and S-stars to follow a particular orbital arrangement. Key words. stars: black holes – stars: formation – Galaxy: center – galaxies: star formation
Authoring a personal GPT for your research and practice: How we created the Q...Leonel Morgado
Thematic analysis in qualitative research is a time-consuming and systematic task, typically done using teams. Team members must ground their activities on common understandings of the major concepts underlying the thematic analysis, and define criteria for its development. However, conceptual misunderstandings, equivocations, and lack of adherence to criteria are challenges to the quality and speed of this process. Given the distributed and uncertain nature of this process, we wondered if the tasks in thematic analysis could be supported by readily available artificial intelligence chatbots. Our early efforts point to potential benefits: not just saving time in the coding process but better adherence to criteria and grounding, by increasing triangulation between humans and artificial intelligence. This tutorial will provide a description and demonstration of the process we followed, as two academic researchers, to develop a custom ChatGPT to assist with qualitative coding in the thematic data analysis process of immersive learning accounts in a survey of the academic literature: QUAL-E Immersive Learning Thematic Analysis Helper. In the hands-on time, participants will try out QUAL-E and develop their ideas for their own qualitative coding ChatGPT. Participants that have the paid ChatGPT Plus subscription can create a draft of their assistants. The organizers will provide course materials and slide deck that participants will be able to utilize to continue development of their custom GPT. The paid subscription to ChatGPT Plus is not required to participate in this workshop, just for trying out personal GPTs during it.
Anti-Universe And Emergent Gravity and the Dark UniverseSérgio Sacani
Recent theoretical progress indicates that spacetime and gravity emerge together from the entanglement structure of an underlying microscopic theory. These ideas are best understood in Anti-de Sitter space, where they rely on the area law for entanglement entropy. The extension to de Sitter space requires taking into account the entropy and temperature associated with the cosmological horizon. Using insights from string theory, black hole physics and quantum information theory we argue that the positive dark energy leads to a thermal volume law contribution to the entropy that overtakes the area law precisely at the cosmological horizon. Due to the competition between area and volume law entanglement the microscopic de Sitter states do not thermalise at sub-Hubble scales: they exhibit memory effects in the form of an entropy displacement caused by matter. The emergent laws of gravity contain an additional ‘dark’ gravitational force describing the ‘elastic’ response due to the entropy displacement. We derive an estimate of the strength of this extra force in terms of the baryonic mass, Newton’s constant and the Hubble acceleration scale a0 = cH0, and provide evidence for the fact that this additional ‘dark gravity force’ explains the observed phenomena in galaxies and clusters currently attributed to dark matter.
Microbial interaction
Microorganisms interacts with each other and can be physically associated with another organisms in a variety of ways.
One organism can be located on the surface of another organism as an ectobiont or located within another organism as endobiont.
Microbial interaction may be positive such as mutualism, proto-cooperation, commensalism or may be negative such as parasitism, predation or competition
Types of microbial interaction
Positive interaction: mutualism, proto-cooperation, commensalism
Negative interaction: Ammensalism (antagonism), parasitism, predation, competition
I. Mutualism:
It is defined as the relationship in which each organism in interaction gets benefits from association. It is an obligatory relationship in which mutualist and host are metabolically dependent on each other.
Mutualistic relationship is very specific where one member of association cannot be replaced by another species.
Mutualism require close physical contact between interacting organisms.
Relationship of mutualism allows organisms to exist in habitat that could not occupied by either species alone.
Mutualistic relationship between organisms allows them to act as a single organism.
Examples of mutualism:
i. Lichens:
Lichens are excellent example of mutualism.
They are the association of specific fungi and certain genus of algae. In lichen, fungal partner is called mycobiont and algal partner is called
II. Syntrophism:
It is an association in which the growth of one organism either depends on or improved by the substrate provided by another organism.
In syntrophism both organism in association gets benefits.
Compound A
Utilized by population 1
Compound B
Utilized by population 2
Compound C
utilized by both Population 1+2
Products
In this theoretical example of syntrophism, population 1 is able to utilize and metabolize compound A, forming compound B but cannot metabolize beyond compound B without co-operation of population 2. Population 2is unable to utilize compound A but it can metabolize compound B forming compound C. Then both population 1 and 2 are able to carry out metabolic reaction which leads to formation of end product that neither population could produce alone.
Examples of syntrophism:
i. Methanogenic ecosystem in sludge digester
Methane produced by methanogenic bacteria depends upon interspecies hydrogen transfer by other fermentative bacteria.
Anaerobic fermentative bacteria generate CO2 and H2 utilizing carbohydrates which is then utilized by methanogenic bacteria (Methanobacter) to produce methane.
ii. Lactobacillus arobinosus and Enterococcus faecalis:
In the minimal media, Lactobacillus arobinosus and Enterococcus faecalis are able to grow together but not alone.
The synergistic relationship between E. faecalis and L. arobinosus occurs in which E. faecalis require folic acid
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...Advanced-Concepts-Team
Presentation in the Science Coffee of the Advanced Concepts Team of the European Space Agency on the 07.06.2024.
Speaker: Diego Blas (IFAE/ICREA)
Title: Gravitational wave detection with orbital motion of Moon and artificial
Abstract:
In this talk I will describe some recent ideas to find gravitational waves from supermassive black holes or of primordial origin by studying their secular effect on the orbital motion of the Moon or satellites that are laser ranged.
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdfSelcen Ozturkcan
Ozturkcan, S., Berndt, A., & Angelakis, A. (2024). Mending clothing to support sustainable fashion. Presented at the 31st Annual Conference by the Consortium for International Marketing Research (CIMaR), 10-13 Jun 2024, University of Gävle, Sweden.
Immersive Learning That Works: Research Grounding and Paths ForwardLeonel Morgado
We will metaverse into the essence of immersive learning, into its three dimensions and conceptual models. This approach encompasses elements from teaching methodologies to social involvement, through organizational concerns and technologies. Challenging the perception of learning as knowledge transfer, we introduce a 'Uses, Practices & Strategies' model operationalized by the 'Immersive Learning Brain' and ‘Immersion Cube’ frameworks. This approach offers a comprehensive guide through the intricacies of immersive educational experiences and spotlighting research frontiers, along the immersion dimensions of system, narrative, and agency. Our discourse extends to stakeholders beyond the academic sphere, addressing the interests of technologists, instructional designers, and policymakers. We span various contexts, from formal education to organizational transformation to the new horizon of an AI-pervasive society. This keynote aims to unite the iLRN community in a collaborative journey towards a future where immersive learning research and practice coalesce, paving the way for innovative educational research and practice landscapes.
CLASS 12th CHEMISTRY SOLID STATE ppt (Animated)eitps1506
Description:
Dive into the fascinating realm of solid-state physics with our meticulously crafted online PowerPoint presentation. This immersive educational resource offers a comprehensive exploration of the fundamental concepts, theories, and applications within the realm of solid-state physics.
From crystalline structures to semiconductor devices, this presentation delves into the intricate principles governing the behavior of solids, providing clear explanations and illustrative examples to enhance understanding. Whether you're a student delving into the subject for the first time or a seasoned researcher seeking to deepen your knowledge, our presentation offers valuable insights and in-depth analyses to cater to various levels of expertise.
Key topics covered include:
Crystal Structures: Unravel the mysteries of crystalline arrangements and their significance in determining material properties.
Band Theory: Explore the electronic band structure of solids and understand how it influences their conductive properties.
Semiconductor Physics: Delve into the behavior of semiconductors, including doping, carrier transport, and device applications.
Magnetic Properties: Investigate the magnetic behavior of solids, including ferromagnetism, antiferromagnetism, and ferrimagnetism.
Optical Properties: Examine the interaction of light with solids, including absorption, reflection, and transmission phenomena.
With visually engaging slides, informative content, and interactive elements, our online PowerPoint presentation serves as a valuable resource for students, educators, and enthusiasts alike, facilitating a deeper understanding of the captivating world of solid-state physics. Explore the intricacies of solid-state materials and unlock the secrets behind their remarkable properties with our comprehensive presentation.
If only I can trust my police!
SIM: an agent-based audit solution of access right deployment
through open network
Christophe Incoul, Benjamin Gateau, Jocelyn Aubert, Nicolas Bounoughaz, Christophe Feltus
Centre for IT Innovation
Centre de Recherche Public Henri Tudor
29, Rue John F. Kennedy
L-1855 Luxembourg
christophe.incoul@tudor.lu
Abstract
Dynamic and evolving environments make Information
Systems (IS), and consequently the access rights to their
components, ever more complex to define and to
manage. This is mainly explained by the continuous
growth in the diversity of business requirements and by
the criticality of the resources to protect. Even though
sophisticated “Identity and Access Management” (IAM)
solutions have proliferated on the market since the end
of the last decade, some points remain poorly addressed,
such as the definition of the access control policy against
business constraints and its dissemination through
distributed systems.
As a contribution to this matter, the first objective of
our paper is to develop an automated deployment of
policies from an administrative platform that
encompasses business requirements down to the
infrastructure’s components and devices. This objective
is achieved by adapting the XACML OASIS framework
[22] and by formalizing a protocol for information
exchange between the different components of a
multi-agent system.
The second objective of the paper is to provide
guarantees that defined and deployed access rights are
continuously aligned with business requirements. This
objective is met by complementary developments that
perform a systematic and/or on-demand audit of the
effective rights against the desired ones. It is achieved
by adding new functionality to the proposed agent
architecture and by adapting the protocol accordingly.
In practice, this research has been performed in the
framework of the SIM [1] project and has favoured free
and open source components for the prototyping phase.
Keywords: Identity Management, Responsibility model,
Policy audit, multi agent architecture.
1. Introduction
Improving the deployment of access rights and giving
business managers the confidence that rights are
correctly enforced is the aim of our research. This
twofold objective is challenging nowadays because the
configuration of Information Systems has undergone
major changes since the appearance of open and
distributed networks. What was previously a rather
simple, manageable administrative task has now taken
on considerable proportions. This is mainly due to the
two following observations. Firstly, the management of
access rights over business assets was previously the
responsibility of the IT staff and has now been handed
over to business owners. This shift of responsibility
seems reasonable in that it is the business that has to
define which stakeholders need to access which
resources. However, because business managers are not
comfortable with so-called “unintelligible” IT
applications, it is necessary to provide them with adapted
and clear user interfaces. The first results of the SIM
project focused on the elaboration of such interfaces
using an open source framework named eGroupWare [5].
Secondly, the management of access rights, previously
limited to a strict company environment, has evolved
toward wide openness. Resources to be accessed are no
longer located only on a closed network but may be
hosted on servers on the other side of the world.
Likewise, the people who need to access corporate
information are no longer limited to employees of the
company but include other stakeholders, for instance
shareholders who need financial information, providers
who check the state of stock, or customers who follow
the state of their orders online.
Based upon that observation, it appears impossible to
have a trusted access control framework without first
having defined a clear responsibility for each
stakeholder, provisioning access rights accordingly to
all IS components and devices, and finally auditing that
those rights are suitably applied. Defining such a
framework nevertheless remains challenging because of
the difficulty of integrating heterogeneous applications,
and consequently technologies, into heterogeneous
organizations.
As shown in Figure 1, identity management is an
activity that can be carried out following a life cycle
approach. The first results of our research attempt to
bring innovation to the “Policy Engineering”, “Policy
Deployment” and “Policy audit” parts.
Section 2 of this paper proposes a responsibility
model designed to be comprehensible by business
managers while at the same time offering pragmatic
information to IT staff. To keep the paper didactic, a
case study is introduced at the very beginning of the
section to illustrate the concepts of the model. Section 3
presents the business interface for responsibilities and
access rights management. Section 4 presents the
agent-based solution for the deployment of rights
through the network and the audit of those rights.
Finally, Section 5 introduces future work and concludes.
Figure 1: Identity management life cycle
2. Responsibility model
Our previous work [1] presented the responsibility
model (cf. Figure 2) and, more precisely, how it was
elaborated from a literature review and by comparison
with other theories.
Figure 2: Responsibility model
To introduce this model, we first propose the
following case study and explain the concepts by
providing illustrations related to it.
Mister Johnson is the manager of the IT company
named “HighTech”. Each year, during the Christmas
period, Mister Johnson organizes a large mailing of
postcards to all its customers. This year, Mister
Johnson has too much work closing the annual report
and consequently decides to delegate this task to one of
his employees. Because the task is less business
sensitive than some other production tasks, Mister
Johnson decides to delegate it to a part-time secretary
named Miss Fleming. Miss Fleming has just got married
and, consequently, she accepts this additional work
without commitment. Mister Johnson asks the IT service
manager to give Miss Fleming the necessary access
right to the customers address list. The IT service
manager asks an employee of the IT service named Rob
to carry out the operation needed to provide this right.
On January the 30th, Mister Johnson receives over 100
complaints from customers who did not receive a
Christmas card.
Mister Johnson duly formalized Miss Fleming’s
Accountability by asking her to carry out the mailing
activity. It was consequently clear what she was
accountable for. To achieve that mailing, she got the
necessary capability, which was the access to the
customers file. However, because her thoughts went to
her new husband rather than to the work she had to
accomplish, she did not really want to do the work and
failed to assume her responsibility due to a lack of
commitment.
Rob’s responsibility can also be analyzed through this
case study. Rob is a well-paid member of the IT staff
who is very happy with his function. He has received
clear accountability to give the access right to Miss
Fleming, and he has the needed capabilities thanks to
his position as network administrator. He has
consequently been responsible for fulfilling Mister
Johnson’s request.
There exists a plethora of definitions of responsibility,
and this paper does not aim to propose a new one. We
may however state that the commonly accepted
definition of responsibility encompasses the idea of
having the obligation to ensure that something happens.
Moreover, the review of the literature in [2] shows that
it makes sense to attach to it three additional elements:
Capability, Accountability and Commitment. The
relationship between Responsibility and Capability,
Accountability and Commitment is of the form 0..* to 1.
This means that being responsible may involve many
Capabilities, Accountabilities and Commitments.
Conversely, one Commitment is bound to only one
Responsibility, and likewise for Accountability and
Capability.
Capability describes the quality of having the
requisite qualities, skills or resources to perform a task.
Capability is a component that is part of all models and
methods, and is most frequently expressed through the
definition of access rights, authorizations or permissions.
In the above case study, Capability is illustrated by
Miss Fleming’s capability to access the customers file.
This Capability exists because Rob was responsible for
providing that access right. The case study also
illustrates Rob’s Capability to be responsible for
providing access rights. Indeed, due to his position as
network administrator, he has the right to manage all
employees’ access rights.
Accountability is a concept that exists mainly in
requirement engineering methods and that appears
through the obligation to achieve a task or to perform an
action. This concept describes the state of being
answerable for the achievement of a task. The above
case study illustrates that Miss Fleming is accountable
to Mister Johnson for the task she has been made
responsible for. In the same way, Rob is accountable to
the IT service manager for providing the access right.
Commitment is the moral engagement of a
stakeholder to fulfil a task and the assurance that he will
do it. Commitment is a very infrequent concept.
Traditional policy models such as RBAC [3] do not
address it; however, i* [4] partly introduces it (e.g. when
defining dependency as an “agreement” between two
actors). Whether it is a moral concept or an obligation
nevertheless remains open to interpretation. This
component is illustrated through the case study as
follows. Firstly, because Miss Fleming has other duties
in mind, she lacks the willingness to carry out the task:
we may state that she is not committed to doing it. By
contrast, Rob is a well-paid member of the IT staff who
is very happy with his function. He is fully committed to
performing the task.
3. Business interface for responsibilities and
access rights management
In order to support our approach, we have developed
a prototype, using the open-source groupware
eGroupWare, which allows business processes to be
defined and responsibilities on them to be assigned to
stakeholders.
3.1 Responsibility enforcement
Using this paper’s case study, the first step is to
define the process “XMAS-MAILING-2007 - Christmas
card mailing – Year 2007” (cf. Figure 3).
Figure 3: SIM prototype process cartography
The process defines different outcomes, that is, the
results produced by the process:
Outcome #01: Create customer loyalty
Outcome #02: Present new products
Outcome #03: Update customers list
Outcomes are reached by achieving base practices
(BP):
XMAS-MAILING-2007-BP#01: Card creation
XMAS-MAILING-2007-BP#02: Card order
XMAS-MAILING-2007-BP#03: Mailing list edition and envelopes printing
XMAS-MAILING-2007-BP#04: Posting and finalization
Outcomes are reached by using some work products
(WP):
WorkProduct#1: CardCreation customer account
WorkProduct#2: Customers list
WorkProduct#3: HighTech marketing stuff folder
For better understanding and granularity, we define a
base practice as a set of atomic actions, called actions,
and we define responsibilities for those actions.
For our case study, we define for example a
responsibility on the action “Edit mailing list”, which is
part of the base practice “XMAS-MAILING-2007-BP#03:
Mailing list edition and envelopes printing”.
This responsibility is assigned to Miss Fleming and is
composed of two accountabilities, “Create a relevant
customers list for card mailing based on customers list”
and “Modify obsolete entries in customers list”, and one
capability (to edit the customer list, she needs to “Access
customers list on read-write mode”). Each responsibility
is created using the form shown in Figure 4.
Figure 4: SIM action's responsibilities add form
When all responsibilities are defined and assigned to
resources, the application uses them to publish, via a
web service, a set of XACML policies containing all the
policies related to the process (Figure 5 presents the
policy set corresponding to the defined responsibilities).
These technical mechanisms of rights enforcement are
detailed in section 5.
3.2 Audit module
Once the deployment of the access rights is done on
the technical devices via the multi-agent system, we
need a means to check, at the organizational layer, that
policies are effectively and correctly deployed and
applied at the technical layer, in order to:
Ensure a high level of effectiveness in the policy deployment process;
Ensure a high level of correlation between the business policies issued from the organizational model and the access rights enforced on the technical devices.
Figure 5: XACML Policy set generated by SIM
prototype
To reach these goals, we have developed an audit
module that enables IT administrators and business
managers to continually check the alignment of the
access rights with business requirements. This
monitoring is facilitated by dashboards that highlight
the policy deployment status by means of charts and
diagrams. With these charts, administrators can detect
problems induced by a modification of (technical or
business) access rights and thus mitigate the risk of
possible impacts on the security of the Information
System.
The audit mechanism is illustrated through our case
study by Figure 6, which gives a detailed view of the
result of the audit of the “XMAS-MAILING-2007 - Christmas
card mailing – Year 2007” process deployment. We can
observe that the access right defined for the action
“Print of B&WPrinterXYZ-CD2014” is not correctly
deployed on the specific device, and we can see the
reason why by following the “error details” link.
Figure 6: Example of deployment result for the case
study
Each action has an indicator that represents the
“access right status” for the action. We have defined
three possible states:
1. “Successfully deployed”, if the access right is
successfully implemented on the technical
device;
2. “An error occurred while deploying”, if a
problem has been encountered during the
deployment process;
3. “New police”, if the policy has never been
deployed yet, or has changed (on the technical
device or in the business layer) since the last
deployment.
For all actions, we can view the XACML policy
linked to the defined right. For each action “in error” or
“not yet deployed”, we can deploy the access right
policy individually. For each action “in error”, the error
message is available.
The second view, presented in Figure 7, gives a
consolidated view of the state of the policies defined for
our process. Unsophisticated formulas have been used to
generate the graphics, but they are not detailed in this
paper because doing so is not valuable at this stage of
the research.
Figure 7: Consolidated view for the process
These two dashboards are obtained by comparing
information retrieved from the deployment process and
from the business requirements definition.
The next section explains in detail the architecture of
the policy deployment and audit process.
4. Policy Deployment and Audit
We need a means to transform an instantiated policy
(composed of concrete rules) into specific commands to
apply on concerned devices (named hereafter technical
modules), to verify that the policy is applied with
success and to check that no modification is directly
done through the technical modules. We distinguish two
phases.
The first one is the deployment:
1. We must find all the devices (firewall in our
case study) concerned by the policy's rules.
2. The rules must be sent to the technical modules.
3. Each received rule must be transformed into a
script or command.
4. Scripts or commands must be executed and
return an execution status.
5. An audit is done and sent back to the
organisational layer in order to verify that
policies have really been applied.
The second phase is the audit:
1. The access rights defined for a user or a
resource must be checked.
2. The request is sent to the technical modules,
which transform it into a command.
3. Technical modules execute the command and
the result is sent back to the user.
For that, several components are used (cf. Figure 8).
Each technical module is interfaced with a Policy
Enforcement Point (PEP). The PEP communicates with a
component called the Policy Decision Point (PDP),
whose goal is to retrieve the PEPs and distribute the
rules to be applied. It also interfaces with the policy
base in order to be aware of new policies to apply. The
PEP also communicates with a component called the
Audit Correlation Engine (ACE), whose goal is to get
the status of the PEP in general and the status of the
deployed policies in particular.
Figure 8: Technical infrastructure
The communication between the components could
be provided by a standardized protocol such as SNMP
[11], COPS [9] or NETCONF [10], or by multi-agent
based communication. We presented these different
solutions and argued in favour of a multi-agent system
in [1]. Our conclusion was that a Multi-Agent System
(MAS) is an interesting solution because it provides
autonomous entities that can be collaborative. A
Multi-Agent System is composed of several agents
capable of mutual interaction, which can take the form
of message passing or of changes produced in their
common environment [6]. Agents are pro-active,
reactive and socially autonomous entities able to exhibit
organized activity in order to meet their designed
objectives, possibly by interacting with users. Agents
are collaborative in that they are able to commit
themselves to the society and/or to another agent [7].
So, if we consider that each technical module is
interfaced with an agent, all agents will collaborate in
order to apply a set of common policies.
In the following, we detail the agents’ architecture
representing all components (PDP, PEP and ACE) and
the relations between these components.
4.1. Policy Decision Point
The PDP's architecture is shown in Figure 9. There
are two main modules: the policy analysis and the
Component Configuration Mapper.
Figure 9: Policy Decision Point architecture
The policy analysis module has to perform a variety
of validation checks. First, it verifies the syntax of the
policy specification provided by a PIE. It then verifies
that the newly received policies are consistent with the
currently applied rules (coming from the policy status
base). A set of policies is consistent if it can be shown
that no contradictory policies will ever be found in a
SIM system. The user will be able to choose the system
behaviour if a conflict is detected. For the moment, the
old rules that derive from the previous policy are
cancelled and the newly received policy that
contradicts the applied rules.
The policy analysis module communicates with a
“policy rules status” database. This database stores the
newly received policies and their current status (in
progress, not applicable, by-passed, enforced,
removed…). In addition, the module should detect rules
that cannot be enforced due to a lack of PEP. As a
consequence a PDP should be aware of the different
managed PEPs.
For this reason, a Facilitator agent helps the PDP
agent. This agent manages the network topology by
retrieving PEP agents according to their location
(devices registered with an IP address or MAC address)
or according to the actions they can apply and their type
(firewall, fileserver, etc.). For this, the Facilitator uses
white pages and yellow pages services.
The Component Configuration Mapper states in
detail which kind of actions need to be taken by which
kind of network devices/applications. This module
receives high level policies and generates generic format
policies for each type of PEP (router, firewall, IDS…).
For that, it asks the Facilitator to determine which PEPs
are impacted by the policy update, by mapping a set of
possible actions to the capabilities of the current
network components.
If some rules are not applicable, the Component
Configuration Mapper notifies the policy analysis
module, which then updates the policy rules status.
Problematic rules are bypassed, and their status in
the “policy status” database changes from “in
progress” to “by-passed”. Then the corresponding
policies are sent to the concerned PEP.
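The following added example (not code from the SIM prototype) runs the policy analysis and Component Configuration Mapper steps described above over a few constructed rules. The Rule and PepRecord types, the device_type field, the use of the “removed” status for cancelled rules and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

EFFECTS = ("Permit", "Deny")          # the two XACML rule effects


@dataclass(frozen=True)
class Rule:
    """One concrete rule of an instantiated policy (hypothetical shape)."""
    subject: str
    resource: str
    action: str
    effect: str
    device_type: str                  # assumption: kind of PEP hosting the resource


@dataclass(frozen=True)
class PepRecord:
    """Yellow-pages entry kept by the Facilitator (hypothetical shape)."""
    name: str
    device_type: str
    actions: frozenset                # abstract actions this PEP can enforce


def contradicts(old, new):
    """Same subject, resource and action, but opposite effect."""
    same_target = (old.subject, old.resource, old.action) == \
                  (new.subject, new.resource, new.action)
    return same_target and old.effect != new.effect


def analyse(applied, incoming):
    """Policy analysis: validate incoming rules, then resolve conflicts.

    Returns {rule: status}. Following the behaviour the paper describes
    "for the moment", an applied rule contradicted by a new one is
    cancelled (recorded here as "removed", an assumption) and the new
    rule proceeds as "in progress".
    """
    status = {}
    for new in incoming:
        if new.effect not in EFFECTS:
            raise ValueError(f"invalid effect {new.effect!r} in {new}")
        status[new] = "in progress"
        for old in applied:
            if contradicts(old, new):
                status[old] = "removed"
    return status


def map_to_peps(status, yellow_pages):
    """Component Configuration Mapper: pick the PEPs for each rule.

    Rules that no registered PEP can enforce are marked "by-passed"; the
    rest are grouped per PEP name, ready to be sent.
    """
    dispatch = {}
    for rule, state in list(status.items()):
        if state != "in progress":
            continue
        targets = [p.name for p in yellow_pages
                   if p.device_type == rule.device_type
                   and rule.action in p.actions]
        if not targets:
            status[rule] = "by-passed"
        for name in targets:
            dispatch.setdefault(name, []).append(rule)
    return dispatch


# Constructed sample data (not taken from the SIM prototype).
YELLOW_PAGES = [PepRecord("pep-fileserver-1", "fileserver",
                          frozenset({"read", "write"}))]
APPLIED = [Rule("26", "31", "write", "Deny", "fileserver")]
INCOMING = [
    Rule("26", "31", "read", "Permit", "fileserver"),
    Rule("26", "31", "write", "Permit", "fileserver"),      # contradicts APPLIED[0]
    Rule("26", "printer-7", "print", "Permit", "printer"),  # no printer PEP registered
]

if __name__ == "__main__":
    status = analyse(APPLIED, INCOMING)
    dispatch = map_to_peps(status, YELLOW_PAGES)
    for rule, state in status.items():
        print(f"{state:12} {rule}")
    print(dispatch)
```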
4.2. Policy Enforcement Point
Figure 10: Policy Enforcement Point architecture
A PEP agent manages each device that is part of
SIM’s technical layer. Agents are specific to the kind of
device or to the kind of service that the device offers.
This specificity is what lets an agent know how to
transform policies represented in an abstract format
(XACML [22] in our case) into applicable scripts or
rules. Figure 10 shows the PEP's architecture. A PEP is
composed of three modules, which are referred to as
monitoring, observation and enforcement.
The monitoring module controls the PEP actions and
stores all relevant actions/events. It receives the abstract
policy from the PDP and chooses which action and
parameters must be executed to apply the policy. Then,
the enforcement module launches the appropriate local
action mechanism by applying the selected script. The
progress of the operations can be provided to the
observation module. This last module performs
measurements, periodically or during a script execution,
to evaluate the current state of the PEP. It is also the
module through which an audit is done, by sending
feedback to the Audit Correlation Engine (ACE).
Returning to the case study presented in section 2,
the XACML policy generated in Figure 5 aims at
“allowing subject 26 to read resource 31”. The PEP
interfacing with a UNIX-like fileserver has registered the
“setfacl” action¹. It therefore constructs its command by
using this action with the parameters included in the
policy rule. The actions granted by the policy are “read”
and “write”. They are transformed into “:rw-” to say
that “read” and “write” are allowed but not “execute”.
The command that the PEP will execute is:
setfacl -m u:26:rw- 31
The “-m” option indicates that the rights are modified,
“u” indicates that “26” is a user and “:rw-” are his new
rights on 31.
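The translation step described above, as an added example that is not code from the paper or the SIM prototype. The XML layout is a constructed, simplified XACML-style rule (not the paper's Figure 5), and the names `policy_to_setfacl`, `PERM_BITS` and `SAFE_ID` are hypothetical; the function returns an argument list rather than a shell string and rejects identifiers that could alter the command.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified XACML-style rule (assumed layout, not the paper's Figure 5).
SAMPLE_POLICY = """
<Policy PolicyId="constructed-example">
  <Rule RuleId="r1" Effect="Permit">
    <Target>
      <Subjects><Subject><AttributeValue>26</AttributeValue></Subject></Subjects>
      <Resources><Resource><AttributeValue>31</AttributeValue></Resource></Resources>
      <Actions>
        <Action><AttributeValue>read</AttributeValue></Action>
        <Action><AttributeValue>write</AttributeValue></Action>
      </Actions>
    </Target>
  </Rule>
</Policy>
"""

PERM_BITS = {"read": "r", "write": "w", "execute": "x"}  # abstract action -> ACL bit
# Assumption: subjects and resources are simple identifiers, as in the paper's example.
SAFE_ID = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")  # no spaces, ':' or leading '-'


def values(rule, path):
    return [(e.text or "").strip() for e in rule.findall(path)]


def policy_to_setfacl(xml_text):
    """Return one setfacl argv list per Permit rule; reject unsafe values."""
    commands = []
    for rule in ET.fromstring(xml_text).iter("Rule"):
        if rule.get("Effect") != "Permit":
            continue  # this sketch only deploys grants
        subjects = values(rule, "./Target/Subjects/Subject/AttributeValue")
        resources = values(rule, "./Target/Resources/Resource/AttributeValue")
        actions = values(rule, "./Target/Actions/Action/AttributeValue")
        unknown = set(actions) - set(PERM_BITS)
        if unknown:
            raise ValueError(f"unsupported actions: {sorted(unknown)}")
        perms = "".join(b if a in actions else "-" for a, b in PERM_BITS.items())
        for subject in subjects:
            for resource in resources:
                if not (SAFE_ID.fullmatch(subject) and SAFE_ID.fullmatch(resource)):
                    raise ValueError("policy value not safe for a command line")
                commands.append(["setfacl", "-m", f"u:{subject}:{perms}", resource])
    return commands
```

The returned list can be handed to `subprocess.run` without a shell, so a policy value is never interpreted as an option or a second ACL entry.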
4.3. Audit Correlation Engine
The goal and architecture of the Audit Correlation Engine are
equivalent to those of the PDP in that it also exposes its services
through the WSIG (Web Service Integration Gateway)
and sends policies to the PEP. The ACE receives a request
concerning a type of device to audit and/or potentially a
resource or a user. Like the PDP, it forwards the request
it receives to the concerned PEP.
To do so, it asks the Facilitator which technical modules
are concerned. From the PEP's point of view, the policy
indicates that this is not a deployment but an audit and,
for instance, instead of executing a “setfacl” command,
it executes a “getfacl” command in order to get the state
of the fileserver concerning a particular resource.
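One way the audit side could compare the fileserver's state with the deployed policy, as an added example that is not part of the paper or the SIM prototype. The getfacl outputs are constructed sample data and the function names are hypothetical; the check compares effective rights, because a narrowed ACL mask can silently reduce what a named-user entry grants.

```python
# Constructed getfacl outputs for resource 31 (sample data, not from the paper).
COMPLIANT = """# file: 31
# owner: root
# group: root
user::rw-
user:26:rw-
group::r--
mask::rw-
other::---
"""
# Same entry, but the mask has been narrowed, so subject 26 can no longer write.
MASKED = (COMPLIANT.replace("user:26:rw-", "user:26:rw-\t#effective:r--")
          .replace("mask::rw-", "mask::r--"))
# The entry grants more than the policy allows.
OVERPRIVILEGED = (COMPLIANT.replace("user:26:rw-", "user:26:rwx")
                  .replace("mask::rw-", "mask::rwx"))


def parse_getfacl(text):
    """Return {(tag, qualifier): perms} for the access ACL entries."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops headers and '#effective:' notes
        if not line or line.startswith("default:"):
            continue  # default ACLs only affect newly created files
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = perms
    return acl


def effective(perms, mask):
    """A bit is effective only if both the entry and the mask grant it."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))


def audit(getfacl_text, subject, expected):
    """Return (status, effective_rights) for a user against the expected rights."""
    acl = parse_getfacl(getfacl_text)
    entry = acl.get(("user", subject))
    if entry is None:
        return ("missing", "---")
    eff = effective(entry, acl.get(("mask", ""), "rwx"))
    return ("compliant" if eff == expected else "drift", eff)
```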
To summarize, the use of a multi-agent system
framework gives the PDP, PEP and ACE the ability to
cooperate and communicate with one another in order
to implement policies and retrieve their real and current
status. It also provides flexibility, openness and
heterogeneity because, when we decide to add a new
PEP, we only have to provide the agent able to concretely
apply the policies. This solution also provides
interoperability because the services that the ACE and PDP
offer are exposed as Web Services (through the Web
Service Integration Gateway, cf. Figure 6), giving the
Organisational Layer the possibility to communicate
with the Technical Layer and also allowing other systems
to communicate with this agent-based policy
deployment and audit framework. The next section details
the links between both layers.
4.4. Links with Organisational model
As explained previously, our approach is based on a
twofold development: the generation of access policies
from the Organisational Model and their deployment
into the different devices by the multi-agents system.
Both layers operate in a heterogeneous environment and
may consequently be physically or logically distant.
Therefore it is necessary to establish a means of communication
that does not depend on these characteristics. In this context,
the most logical and appropriate solution is the use of
Web Services. Web Services can meet the needs of
interoperability required by SIM. Moreover, they are
independent and may hence facilitate maintenance
without modification of the calls made by clients. The
multi-agents system is able to publish all features of its
agents through Web Services. In this way, the link
with the Organisational Layer is provided to ensure its
monitoring and auditing.
¹ LINUX ACL expands access rights to users and
groups. “setfacl” and “getfacl” are the basic ACL
commands.
Figure 11: WSIG architecture
As shown in Figure 11, the Web Services Integration
Gateway plays the role of web server and so makes the
bridge between the multi-agents system and clients (the
Organisational Layer). Its main role is to translate all the
functionality of agents and Web Services in order to
ensure communication with clients. The WSIG interface
is composed of two main entities: a web server (the
WSIG servlet) and a specialised WSIG agent. When
agents register themselves in the yellow pages through
the Directory Facilitator, they are also registered in the
Service Directory of the WSIG so that their services can be
translated into WSDL format. The WSIG agent is able to determine in
real time the availability of other agents and all their
services in order to update the WSDL files. The Web server receives and
forwards the SOAP requests to the WSIG agent, which
translates them into ACL (Agent Communication Language) messages
comprehensible by other agents, notably the PDP. Once agents have
completed their work, the result is returned to WSIG,
which forwards it to the client. The WSIG model
architecture is an add-on of the JADE platform.
5. Conclusion and future work
One means of achieving good IT governance is
effective business/IT alignment. As a consequence,
defining policies against business requirements becomes
crucial for business and IT managers. In this paper we
have presented an architecture developed to apply
access rights through the definition of business
processes, their transformation into XACML policies
and finally their deployment and their audit with a
multi-agent system.
Future work will focus on improving three
points:
Firstly, our proposed prototype assigns
rights directly to users. In practice, this solution could
be difficult to manage if the company has a
large number of employees. Solutions exist to address that
problem, such as using roles or teams to group people
by function and then assigning rights to the group. Our next
development will aim at integrating that concept in the
prototype, from the organizational to the technical layer.
Secondly, the extension of the XACML policies in
order to manage devices other than the fileserver and in
order to use a common policy format to deploy and to
audit them.
Thirdly, the security of the messages exchanged is not taken
into account: the messages between agents and Web
Service clients are exchanged in plain text.
Malicious users could take advantage
of this lack of security and set rights themselves on
various devices to enforce their own security policy. As
a consequence, we will integrate a two-factor
authentication system for the Web Service and encryption of
messages from agents to ensure the integrity,
confidentiality and authenticity of policies.
6. Acknowledgement
SIM “Secure Identity Management” is an R&D
project of the CRP Henri Tudor achieved in
collaboration with the « University of Luxembourg »
funded by the National Research Fund Luxembourg.
7. References
[1] Benjamin Gateau, Christophe Feltus, Jocelyn Aubert,
Christophe Incoul, An Agent-based Framework for Identity
Management: The Unsuspected Relation with ISO/IEC 15504,
IEEE International Conference on Research Challenges in
Information Science (IEEE RCIS 2008), Marrakech, Morocco.
[2] Christophe Feltus, Preliminary Literature Review of Policy
Engineering Methods - Toward Responsibility Concept,
International Conference on Information & Communication
Technologies: from Theory to Applications (IEEE
ICTTA2008), Damascus, Syria.
[3] David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D.
Richard Kuhn and Ramaswamy Chandramouli, Proposed NIST
Standard for Role-Based Access Control, ACM Transactions
on Information and System Security, Vol. 4, No. 3, August
2001, Pages 224-274.
[4] Yu, E. S. and Liu, L. 2001. Modelling Trust for System
Design Using the i* Strategic Actors Framework. Workshop on
Deception, Fraud, and Trust in Agent Societies Held During
the Autonomous, Eds. Lecture 35 194.
[5] http://www.egroupware.org
[6] Jean-Pierre Briot and Yves Demazeau, Principes et
architectures des systèmes multi-agents, Hermès-Lavoisier,
2001.
[7] Nicholas R. Jennings and Michael J. Wooldridge,
Applications of intelligent agents, Agent Technology
Foundations, Applications, and Markets, Springer-Verlag,
1998.
[8] Simon Godik, Tim Moses, et al., “eXtensible Access
Control Markup Language (XACML) Version 1.0”, OASIS
Standard, February 18th, 2003.
[9] D. Durham, J. Boyle, R. Cohen, S. Herzog, R. Rajan, A.
Sastry, “The COPS (Common Open Policy Service) Protocol”,
IETF RFC 2748, January 2000.
[10] R. Enns, “NETCONF Configuration Protocol”, IETF RFC
4741, December 2006.
[11] D. Harrington, R. Presuhn, B. Wijnen, “An Architecture
for Describing Simple Network Management Protocol (SNMP)
Management Frameworks”, IETF RFC 3411, December 2002.