Auditors\u27 judgments and decisions under time pressure: an illustration and agenda for research

https://egrove.olemiss.edu/dl_proceedings/1098/thumbnail.jp

Extracting Role-Based Access Control Models from Business Process Event Logs

Keeruliste äriprotsesside ja järjest suurenevate andmemahtude juures on väljakutsuvaks ülesandeks analüüsida ja parandada ettevõtte äriprotsessi andmeturvalisust. Infosüsteemid, mis toetavad äriprotsessi mudeli (abstraktne esitus äriprotsessist) rakendamist, registreerivad äriprotsessi tegevusi sündmustena eraldi logisse. Salvestatud sündmuste logid on aluseks äriprotsessiga seotud andmete kaevamiseks. Need andmed on vajalikud äriprotsessi analüüsimiseks ja parendamiseks, kuid neid andmeid võib kasutada ka turvaanalüüsiks. Turvaanalüüsi üheks eesmärgiks on ka kontrollida, kas nende andmete hulgas turvalisusega seotud informatsioon on kooskõlas praeguste turvanõuetega. Lisaks, äriprotsessi logide peal saab rakendada äriprotsessikaeve (uurimisvaldkond, mis ühendab andmekaeve ja äriprotsesside modelleerimise) tehnikaid, et luua äriprotsessi mudeleid. Lisaks äriprotsessi mudelitele on võimalik tuletada ka teisi mudeleid, näiteks turvamudeleid, mida saab hiljem kasutada turvameetmete tagamiseks infosüsteemis. Käesoleva töö eesmärgiks on esitada üks võimalik meetod, kuidas luua rollipõhist ligipääsukontrolli esitatavaid turvamudeleid (Role- Based Access Control models) XES-formaadis sündmuste logidest, mis on salvestatud äriprotsessi toetava infosüsteemi poolt. Lisatähelepanu on suunatud kaitstavate infovarade väljaselgitamiseks sündmuste logide põhjal. Need infovarad on näiteks dokumendid, dokumendiväljad, või muud andmed, mida töödeldakse äriprotsessi tegevuste jooksul. Lisaks, me hindame antud meetodi rakendatavust reaalse äriprotsessi sündmuste logi peal. Ühe võimaliku meetodina me kontrollime sündmuste logi andmete ja seoste vastavust juurdepääsu õigustega olemasoleva rollipõhise juurdepääsu kontrolli turvamudelis. Lõppkokkuvõttes võib sündmuste logidest tuletatud rollipõhist ligipääsu kontrolli mudelit võtta aluseks turvaanalüüsiks või rakendada mõnes süsteemis juurdepääsumehhanismina.Today, as business processes are getting more complex and the volumes of stored data about business process executions are increasing in size, collecting information for the analysis and for the improvement of the business process security1, is becoming a complex task. Information systems that support business processes record business process executions into event logs which capture the behavior of system usage in terms of events. Business process event logs can be used for analysing and improving the business process, but also for analysing the information security. One of the main goals of security analysis is to check the compliance with existing security requirements. Also event logs can be the basis for business process mining, or shortly process mining. Utilizing bottom-up process mining on event logs, we can extract business process-related information for security analysis. Process mining is not just only for discovering business process models, but also other models, such as security models. For this purpose, we present a possible approach to extract RBAC models (semi-)automatically from event logs in XES format. The focus is also on determining the protected business assets, such as document or other artifact data that is exchanged and accessed during business process activities. In addition, we evaluate the applicability of this approach with conformance checking where we check the compliance of a real-life event log with respect to the LTL constraints translated from RBAC model. Eventually, the purpose of the extracted RBAC models is that they provide a basis for security analysis and they can be adapted by other applications in order to implement access control mechanism

Implementations in Machine Ethics: A Survey

Increasingly complex and autonomous systems require machine ethics to maximize the benefits and minimize the risks to society arising from the new technology. It is challenging to decide which type of ethical theory to employ and how to implement it effectively. This survey provides a threefold contribution. First, it introduces a trimorphic taxonomy to analyze machine ethics implementations with respect to their object (ethical theories), as well as their nontechnical and technical aspects. Second, an exhaustive selection and description of relevant works is presented. Third, applying the new taxonomy to the selected works, dominant research patterns, and lessons for the field are identified, and future directions for research are suggested.Comment: published version, journal paper, ACM Computing Surveys, 38 pages, 7 tables, 4 figure

High-throughput analysis and advanced search for visually-observed phenotypes

Title from PDF of title page (University of Missouri--Columbia, viewed on May 13, 2013).The entire thesis text is included in the research.pdf file; the official abstract appears in the short.pdf file; a non-technical public abstract appears in the public.pdf file.Dissertation advisor: Dr. Chi-Ren ShyuIncludes bibliographical references.Vita.Ph. D. University of Missouri--Columbia 2012."May 2012"The trend in many scientific disciplines today, especially in biology and genetics, is towards larger scale experiments in which a tremendous amount of data is generated. As imaging of data becomes increasingly more popular in experiments related to phenotypes, the ability to perform high-throughput big data analyses and to efficiently locate specific information within these data based on increasingly complicated and varying search criteria is of great importance to researchers. This research develops several methods for high-throughput phenotype analysis. This notably includes a registration algorithm called variable object pattern matching for mapping multiple indistinct and dynamic objects across images and detecting the presence of missing, extra, and merging objects. Research accomplishments resulted in a number of unique advanced search mechanisms including a retrieval engine that integrates multiple phenotype text sources and domain ontologies and a search method that retrieves objects based on temporal semantics and behavior. These search mechanisms represent the first of their kind in the phenotype community. While this computational framework is developed primarily for the plant community, it has potential applications in other domains including the medical field.Includes bibliographical references

An Analysis Review: Optimal Trajectory for 6-DOF-based Intelligent Controller in Biomedical Application

With technological advancements and the development of robots have begun to be utilized in numerous sectors, including industrial, agricultural, and medical. Optimizing the path planning of robot manipulators is a fundamental aspect of robot research with promising future prospects. The precise robot manipulator tracks can enhance the efficacy of a variety of robot duties, such as workshop operations, crop harvesting, and medical procedures, among others. Trajectory planning for robot manipulators is one of the fundamental robot technologies, and manipulator trajectory accuracy can be enhanced by the design of their controllers. However, the majority of controllers devised up to this point were incapable of effectively resolving the nonlinearity and uncertainty issues of high-degree freedom manipulators in order to overcome these issues and enhance the track performance of high-degree freedom manipulators. Developing practical path-planning algorithms to efficiently complete robot functions in autonomous robotics is critical. In addition, designing a collision-free path in conjunction with the physical limitations of the robot is a very challenging challenge due to the complex environment surrounding the dynamics and kinetics of robots with different degrees of freedom (DoF) and/or multiple arms. The advantages and disadvantages of current robot motion planning methods, incompleteness, scalability, safety, stability, smoothness, accuracy, optimization, and efficiency are examined in this paper

Implementations in Machine Ethics: A Survey

Increasingly complex and autonomous systems require machine ethics to maximize the benefits and minimize the risks to society arising from the new technology. It is challenging to decide which type of ethical theory to employ and how to implement it effectively. This survey provides a threefold contribution. First, it introduces a trimorphic taxonomy to analyze machine ethics implementations with respect to their object (ethical theories), as well as their nontechnical and technical aspects. Second, an exhaustive selection and description of relevant works is presented. Third, applying the new taxonomy to the selected works, dominant research patterns, and lessons for the field are identified, and future directions for research are suggested

Tools and techniques for analysing the impact of information security

PhD ThesisThe discipline of information security is employed by organisations to protect the confidentiality, integrity and availability of information, often communicated in the form of information security policies. A policy expresses rules, constraints and procedures to guard against adversarial threats and reduce risk by instigating desired and secure behaviour of those people interacting with information legitimately. To keep aligned with a dynamic threat landscape, evolving business requirements, regulation updates, and new technologies a policy must undergo periodic review and change. Chief Information Security Officers (CISOs) are the main decision makers on information security policies within an organisation. Making informed policy modifications involves analysing and therefore predicting the impact of those changes on the success rate of business processes often expressed as workflows. Security brings an added burden to completing a workflow. Adding a new security constraint may reduce success rate or even eliminate it if a workflow is always forced to terminate early. This can increase the chances of employees bypassing or violating a security policy. Removing an existing security constraint may increase success rate but may may also increase the risk to security. A lack of suitably aimed impact analysis tools and methodologies for CISOs means impact analysis is currently a somewhat manual and ambiguous procedure. Analysis can be overwhelming, time consuming, error prone, and yield unclear results, especially when workflows are complex, have a large workforce, and diverse security requirements. This thesis considers the provision of tools and more formal techniques specific to CISOs to help them analyse the impact modifying a security policy has on the success rate of a workflow. More precisely, these tools and techniques have been designed to efficiently compare the impact between two versions of a security policy applied to the same workflow, one before, the other after a policy modification. This work focuses on two specific types of security impact analysis. The first is quantitative in nature, providing a measure of success rate for a security constrained workflow which must be executed by employees who may be absent at runtime. This work considers quantifying workflow resiliency which indicates a workflow’s expected success rate assuming the availability of employees to be probabilistic. New aspects of quantitative resiliency are introduced in the form of workflow metrics, and risk management techniques to manage workflows that must work with a resiliency below acceptable levels. Defining these risk management techniques has led to exploring the reduction of resiliency computation time and analysing resiliency in workflows with choice. The second area of focus is more qualitative, in terms of facilitating analysis of how people are likely to behave in response to security and how that behaviour can impact the success rate of a workflow at a task level. Large amounts of information from disparate sources exists on human behavioural factors in a security setting which can be aligned with security standards and structured within a single ontology to form a knowledge base. Consultations with two CISOs have been conducted, whose responses have driven the implementation of two new tools, one graphical, the other Web-oriented allowing CISOs and human factors experts to record and incorporate their knowledge directly within an ontology. The ontology can be used by CISOs to assess the potential impact of changes made to a security policy and help devise behavioural controls to manage that impact. The two consulted CISOs have also carried out an evaluation of the Web-oriented tool. vii

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue