Using Control Frameworks to Map Risks in Web 2.0 Applications

Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and Trust Service Principles and Criteria and associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program should include a multi-layer approach comprising of a control framework, combined with a control model considering the control processes in order to identify the appropriate control techniques.Web 2.0, Security risks, Control framework, Control Objectives for Information and related Technology (CobiT), Trust Service Principles and Criteria

Towards a virtual research environment for paediatric endocrinology across Europe

Paediatric endocrinology is a medical specialty dealing with variations of physical growth and sexual development in childhood. Genetic anomalies that can cause disorders of sexual development in children are rare. Given this, sharing and collaboration on the small number of cases that occur is needed by clinical experts in the field. The EU-funded EuroDSD project (www.eurodsd.eu) is one such collaboration involving clinical centres and clinical and genetic experts across Europe. Through the establishment of a virtual research environment (VRE) supporting sharing of data and a variety of clinical and bioinformatics analysis tools, EuroDSD aims to provide a research infrastructure for research into disorders of sex development. Security, ethics and information governance are at the heart of this infrastructure. This paper describes the infrastructure that is being built and the inherent challenges in security, availability and dependability that must be overcome for the enterprise to succeed

Planning and Design Soa Architecture Blueprint

Service Oriented Architecture (SOA) is a framework for integrating business processes and supporting IT infrastructure as secure, standardized components-services-that can be reused and combined to address changing business priorities. Services are the building blocks of SOA and new applications can be constructed through consuming these services and orchestrating services within a business process. In SOA, services map to the business functions that are identified during business process analysis. Upon a successful implementation of SOA, the enterprise gain benefit by reducing development time, utilizing flexible and responsive application structure, and following dynamic connectivity of application logics between business partners. This paper presents SOA reference architecture blueprint as the building blocks of SOA which is services, service components and flows that together support enterprise business processes and the business goals

An Experience-Connected e-Learning System with a Personalization Mechanism for Learners’ Situations and Preferences

This paper presents an “experience-connected” e- Learning system that facilitates users to learn practical skills of foreign language by associating knowledge and daily-life experiences. “Experience-Connected” means that the users of this system receive personalized and situation-dependent learning materials automatically. Knowledge associated to users’ daily-life has the following advantages: 1) provides opportunities to learn frequently, and 2) provides clear and practical context information about foreign language usage. The unique feature of this system is a dynamic relevance computation mechanism that retrieves learning materials according to both preference relevance and spatiotemporal relevance. Users of this system obtain appropriate learning materials, without manual and time-consuming search processes. This paper proves the feasibility of the system by showing the actual system implementation that automatically broadcasts the media-data of foreign language learning materials to smart-phones

SOA: Trends and Directions

While many organizations have adopted SOA there are recent indications that not all organizations are willing to make substantial investments in new skills and technologies required for the transition to SOA in the current economic climate. The recent emergence of Cloud Computing is continuing the trend of delivering enterprise applications and IT infrastructure in the form of externally sourced services, providing an alternative to on-premise solutions. The convergence of Cloud Computing and Web 2.0 is redefining the very basis on which the computer industry has operated for decades, challenging some of the basic SOA assumptions and principles. In this paper we discuss the synergies between the above technology trends and consider the likely impact of these trends on enterprise computing

Computer Science's Digest Volume 3

This series of textbooks was created for the students of the Systems Engineering Program at the University of Nariño. They have been intentionally written in English to promote reading in a foreign language. The textbooks are a collection of reflections and workshops on specific situations in the field of computer science, based on the authors’ experiences. The main purpose of these textbooks is essentially academic. The way in which the reflections and workshops were constructed follows a didactic structure, to facilitate teaching and learning, making use of English as a second language. This book covers Professional Issues in Computing and Programming the Interne

e-Report Generator Supporting Communications and Fieldwork: A Practical Case of Electrical Network Expansion Projects

In this piece of work we present a simple way to incorporate Geographical Information System tools that have been developed using open source software in order to help the different processes in the expansion of the electrical network. This is accomplished by developing a novel fieldwork tool that provides the user with automatically generated enriched e-reports that include information about every one of the involved private real estates in a specific project. These reports are an eco-friendly alternative to paper format, and can be accessed by clients using any kind of personal device with a minimal set of technical requirements