Similar literature
20 similar documents found; search time 0 ms
1.
Information technology (IT) security design and management are a major concern and substantial challenge for IT management. Today’s highly complex business and technological environments and the need to effectively communicate and justify IT security requirements and controls demand methodical support. The modeling method presented in this paper addresses this demand. The method is based on the assumption that enriched enterprise models integrating technological, business, organizational and strategic aspects provide an effective foundation for developing and managing IT security systems and facilitating communication and understanding between stakeholders. The proposed modeling method for designing and managing IT security in organizations accounts for different perspectives and is based on multi-perspective enterprise modeling. The core components of the method, based on analysis of requirements at different levels of abstraction, are: modeling language concepts specifically designed to address security issues, process models that guide the use of the resulting language, and a modeling environment. The method facilitates elaborate representations of the various aspects of IT security at different levels of abstraction and covers the entire lifecycle of IT security systems. It not only supports multi-perspective requirement analysis and design but also enables monitoring and analysis of IT security at runtime. The presented artifact is evaluated with recourse to a research method that enables the configuration of multi-criteria justification procedures.

2.
Information technology projects are particularly prone to failure due to their specific characteristics, making risk management become one of the critical elements in IT projects management. That is why several authors have developed risk evaluation methods, some of them based on fuzzy logic. This article proposes a new risk assessment method based on a combination of fuzzy analytic hierarchy process (FAHP) and fuzzy inference system (FIS). FIS is used for the integration of the groups of risk factors. These risk factors are the evaluation criteria of a modified FAHP which minimizes the disadvantages of the classic implementation of FAHP in order to obtain a more intuitive and easily adjustable model for multicriteria decision analysis with a lower computational need. The proposed model takes into consideration the different levels of uncertainty, the interrelationship among groups of risk factors, and the possibility of adding or suppressing options without losing the consistency with previous evaluations. The new method is especially suitable for the evaluation of development projects in the area of IT in which multiple interrelated risk factors can be particularly uncertain and imprecise. To implement the evaluation method, a hierarchy of risk factors was implemented. A numerical example is presented with data from three actual cases of IT projects, showing the applicability of the new method, the suitability of the selected taxonomy, and the significance of a few risk factors. Several future lines of work are proposed.

3.
For today’s organisations, having a reliable information system is crucial to safeguard enterprise revenues (think of on-line banking, reservations for e-tickets etc.). Such a system must often offer high guarantees in terms of its availability; in other words, to guarantee business continuity, IT systems can afford very little downtime. Unfortunately, making an assessment of IT availability risks is difficult: incidents affecting the availability of a marginal component of the system may propagate in unexpected ways to other more essential components that functionally depend on them. General-purpose risk assessment (RA) methods do not provide technical solutions to deal with this problem. In this paper we present the qualitative time dependency (QualTD) model and technique, which is meant to be employed together with standard RA methods for the qualitative assessment of availability risks based on the propagation of availability incidents in an IT architecture. The QualTD model is based on our previous quantitative time dependency (TD) model (Zambon et al. in BDIM ’07: Second IEEE/IFIP international workshop on business-driven IT management. IEEE Computer Society Press, pp 75–83, 2007), but provides more flexible modelling capabilities for the target of assessment. Furthermore, the previous model required quantitative data which is often too costly to acquire, whereas QualTD applies only qualitative scales, making it more applicable to industrial practice. We validate our model and technique in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results with respect to the goals of the stakeholders of the system. We also perform a review of the most popular standard RA methods and discuss which type of method can be combined with our technique.

4.
A business process can be characterized by multiple perspectives (intentional, organizational, operational, functional, interactional, informational, etc). Business process modeling must allow different stakeholders to analyze and represent process models according to these different perspectives. This representation is traditionally built using classical data acquisition methods together with a process representation language such as BPMN or UML. These techniques and specialized languages can easily become hard, complex and time consuming. In this paper, we propose ISEA, a participative end-user modeling approach that allows the stakeholders in a business process to collaborate together in a simple way to communicate and improve the business process elicitation in an accurate and understandable manner. Our approach covers the organizational perspective of business processes, exploits the information compiled during the elicitation of the organizational perspective and touches lightly an interactional perspective allowing users to create customized interface sketches to test the user interface navigability and the coherence within the processes. Thus, ISEA can be seen as a participative end-user modeling approach for business process elicitation and improvement.

5.
Within the past decade, there has been an increasing interest in the problem of joint analysis of clustered multiple outcome data, motivated by developmental toxicity applications. Typically, a toxic insult early in gestation may result in a resorbed fetus or a fetal death. If however the fetus survives the entire gestation period, growth reduction such as low birth weight may occur, or can exhibit a malformation. Ideally, a model should take the complete hierarchical structure of the data into account. So far, however, one has tackled the challenges in this setting only partly each time making different restricting assumptions (e.g., restriction to viable fetuses only). In addition, because of genetic similarity and the same treatment conditions, offspring of the same mother behave more alike than those of another mother. Thus, responses on different fetuses within a cluster are likely to be correlated. The ultimate scientific question requires assessing the full effect of dose administration, not only in the malformation and weight outcome, but also in the death outcome. A hierarchical Bayesian method is proposed to this effect. Such a model can serve as a basis for quantitative risk assessment.

6.
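A task-oriented quantitative risk assessment method   Cited by: 3 (self-citations: 0, citations by others: 3)
By combining assessment at the management level with assessment at the technical level, a quantitative risk assessment method based on a task model is proposed. Compared with traditional quantitative risk assessment methods, the model is centered on the organization's task objectives, avoids subjective bias, and excludes the influence of assets, vulnerabilities, and threats unrelated to the task. The proposed method of establishing relationships between assessment elements based on key states reduces the misleading effect of unrelated threats and vulnerabilities on the assessment results and is closer to objective reality.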

7.
In general, an information security risk assessment (ISRA) method produces risk estimates, where risk is the product of the probability of occurrence of an event and the associated consequences for the given organization. ISRA practices vary among industries and disciplines, resulting in various approaches and methods for risk assessments. There exist several methods for comparing ISRA methods, but these are scoped to compare the content of the methods to a predefined set of criteria, rather than process tasks to be carried out and the issues the method is designed to address. It is the lack of an all-inclusive and comprehensive comparison that motivates this work. This paper proposes the Core Unified Risk Framework (CURF) as an all-inclusive approach to compare different methods, all-inclusive since we grew CURF organically by adding new issues and tasks from each reviewed method. If a task or issue was present in a surveyed ISRA method, but not in CURF, it was appended to the model, thus obtaining a measure of completeness for the studied methods. The scope of this work is primarily functional approaches risk assessment procedures, which are the formal ISRA methods that focus on assessments of assets, threats, vulnerabilities, and protections, often with measures of probability and consequence. The proposed approach allowed for a detailed qualitative comparison of processes and activities in each method and provided a measure of completeness. This study does not address aspects beyond risk identification, estimation, and evaluation; considering the total of all three activities, we found the “ISO/IEC 27005 Information Security Risk Management” to be the most complete approach at present. For risk estimation only, we found the Factor Analysis of Information Risk and ISO/IEC 27005:2011 as the most complete frameworks. In addition, this study discovers and analyzes several gaps in the surveyed methods.

8.
International Journal on Software Tools for Technology Transfer - Reliability engineering of railway infrastructure aims to understand failure processes and to improve the efficiency and...

9.
A multi-perspective knowledge-based system for customer service management   Cited by: 6 (self-citations: 0, citations by others: 6)
The e-business arena is a dynamic, complex and demanding environment. It is essential to make optimal reuse of knowledge of customer services across various functional units of the enterprise. On the other hand, it is also important to ensure that the customer service staff can access and be trained up with dynamically updated knowledge that meets the changing business environment of an enterprise in customer services. However, conventional way of customer service management (CSM) is inadequate to achieve the multi-perspective of an enterprise for achieving knowledge acquisition, knowledge diffusion, business automation and business performance measurement so as to drive the continuous improvement of the customer service quality. In this paper, a multi-perspective knowledge-based system (MPKBS) is proposed for CSM. The MPKBS incorporates various artificial intelligence technologies such as case-based reasoning (CBR) and adaptive time-series model which are used for decision analysis, performance measurement and monitoring. A prototype customer service portal has been built based on the MPKBS and implemented successfully in a consultancy business.

10.
A cell is a complex biochemical reactor. Various biochemical reactions take place in it to carry out different tasks. One such task is the metabolism of the ubiquitous environmental carcinogenic compounds Polycyclic Aromatic Hydrocarbons (PAHs) in biological cells, which is crucial to model. These PAHs are lipophilic and partition into membranes and diffuse through them to demolish the DNA and thereby cause toxicity or tumors. Therefore there is a dire need of the development of a model for the assessment of these carcinogenic chemical compounds. Earlier, a 3D model was developed in order to investigate the cellular fate after being affected by PAHs, but this model was lacking the presence of Nucleolemma with its enzymatic reactions, which is an important factor to be considered. Thus, a new 3D model was developed which in addition to the other domains, consists of Nucleolemma along with its enzymatic reactions. A homogenization approach was used for the numerical treatment of cytoplasm to scale down the complexity of the model. The numerical results of the extended model were validated against the numerical results of the old model and the experimental results, where the results of extended model clearly show the improvement and convergence to the experimental results not only qualitatively but quantitatively as well.

11.
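This paper proposes a method for software cost estimation and risk assessment. The method combines two kinds of cost estimation, algorithmic-model-based and experience-based: on the one hand it uses basic software project data as the basis for assessment, and on the other hand it makes use of expert knowledge. In addition, the method can also be applied to software risk assessment. To illustrate the method and demonstrate its feasibility, the paper provides a case study, which explains in detail how to build the cost estimation model and how to use the method for software risk assessment.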

12.
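The respective characteristics of OpenGL and Matlab2009a are introduced, and, combining those characteristics, a virtual reality 3D modeling development platform based on the two is established. Taking this platform as an example and comparing it with the existing approach of using Matlab's external interfaces, the superiority and effectiveness of the development method based on OpenGL and Matlab are demonstrated.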

13.
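Research on risk assessment methods for information systems   Cited by: 5 (self-citations: 0, citations by others: 5)
In the field of information security, risk assessment is the foundation and prerequisite for building an information system security architecture, and the risk assessment method plays a decisive role in the effectiveness of the assessment. There are many risk assessment methods, and each has its shortcomings. The risk assessment method designed here combines the threat tree model with the analytic hierarchy process, exploiting the strengths of both methods to make up for the shortcomings of any single risk assessment method, with the aim of exploring a more effective, more reasonable, and more accurate risk assessment method.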

14.
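Because software outsourcing risk data are hard to obtain and involve considerable uncertainty, a software outsourcing risk assessment method based on risk factor pairs is proposed. The method obtains typical software outsourcing risk factors through interviews, measures these risk factors through a literature survey, and uses the Delphi method to determine risk factor pairs. On this basis, depending on how much risk-related data has been collected, either a formula method or Monte Carlo simulation is chosen to assess the risk of the software outsourcing project. A case study shows that the method can accurately assess the risks in a software outsourcing project and identify the risk factor pairs that have the greatest impact on the project.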

15.
《Decision Support Systems》2007,43(1):269-283
This study investigates the use of attention-shaping tools and their interactions with expertise and perceptions of control on individual decision-making about risks in IT projects. The paper uses data collected from 118 IT project experts and 140 novices through a role-playing experiment to provide several novel insights into how these three factors independently and collectively influence perception of risks and subsequent project continuation decisions. First, attention-shaping tools have a significant effect on both risk perception and decision-making. However, among individuals with low expertise, risk shaping tools exhibit a significant but dual-sided effect on risk perception. They help identify risks captured by the attention-shaping tool but simultaneously introduce blind spots in their risk awareness. Second, while individuals with greater expertise perceive significantly higher levels of risks relative to those with lower expertise, the level of expertise had generally no influence on decision-making. Third, we found that perceived control is a powerful factor influencing both risk perception and decision-making. Implications for research and practice are discussed along with potential avenues for future research.

16.
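A spatial dynamic stress relationship method for information system risk assessment   Cited by: 1 (self-citations: 0, citations by others: 1)
To address the current lack of effective dynamic risk assessment techniques for information systems, a method for computing spatial dynamic stress relationships in information system risk assessment is studied. The security attributes of information system assets are transformed into a space to construct an information asset security attribute space, and a dynamic stress model of the relationships among asset attributes is built on a spatial stress function. The change in curvature of the surface in the security attribute space where an asset lies expresses the mutual influence among the asset's security attributes; asset security attribute values are adjusted and computed at any time, enabling dynamic decisions on risk prevention measures. Finally, an example demonstrates the effectiveness of the model.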

17.
Top-down and centralized approaches prevail in the design and improvement of business processes. However, centralized structures pose difficulties for organizations in adapting to a rapidly changing business environment. Here we present the Plural method which can be used to guide organizations in performing process modeling in a decentralized way. Instead of a centralized group of people understanding, modeling and improving processes, our method allows individuals to model and improve their own processes to help in fulfilling their roles in the organization. An individual model depicts a set of activities performed by a role, which together result in a cohesive service within the organization. These individual models are then integrated as necessary to show the way the organization works. We applied the Plural method in a case study of a small-size software organization. We describe the method and its underlying principles and then discuss the findings of our case study, lessons learned, and limitations. The study thus provided evidence of Plural's utility and showed how an organization might exploit its strengths.

18.
19.
20.
Modular robots can be defined as reconfigurable mechanical arms which can be automatically controlled using suitable motion control software. In this article, a generalized kinematic modeling method is presented for such modular robots. This method can be used to derive the individual kinematic models of all the mechanical elements that make up the inventory of modular units, independently of their geometry and sequence of assembly into a robot. A general procedure is also presented to derive a global kinematic model of any robot configured using these modular units. The kinematic modeling technique of the units is based on Denavit-Hartenberg (D-H) parameter notation. A provision is also presented for converting “non D-H” parameter transformations, obtained in assembling the kinematic chain, into D-H transformations. This D-H conversion feature allows the modeling technique to preserve its generality when a kinematic model is obtained for the specific robot configuration at hand. The conceptual design of modular robot units that is under development in the Computer Integrated Manufacturing Laboratory (CIML) is also presented to show the feasibility of a modular approach to robot design and to clarify some of the mathematical formulations developed in the article.
