Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.
The research leading to these results has received
funding from the European Union’s Horizon 2020 research
and innovation programme under grant agreement No 644429
and No 780351, MUSA project and ENACT project,
respectively. We would also like to acknowledge all the
members of the MUSA Consortium and ENACT Consortium
for their valuable help
EU counterterrorism strategy: value added or chimera?
Europe did not wake up to terrorism on 9/11; terrorism is solidly entrenched in Europe's past. The historical characteristics of Europe's counterterrorism approach have been first, to treat terrorism as a crime to be tackled through criminal law, and second, to emphasize the need for understanding the 'root causes' of terrorism in order to be able to prevent terrorist acts. The 9/11 attacks undoubtedly brought the EU into uncharted territory, boosting existing cooperation and furthering political integration (in particular in the field of justice and home affairs, where most of Europe's counterterrorism endeavours are situated) to a degree few would have imagined some years earlier. This development towards European counterterrorism arrangements was undoubtedly event-driven and periods of inertia and confusion alternated with moments of significant organizational breakthroughs. The 2005 London attacks contributed to a major shift of emphasis in European counterterrorism thinking. Instead of an external threat, terrorism now became a home-grown phenomenon. The London bombings firmly anchored deradicalization at the heart of EU counterterrorism endeavours
Interoperability, Trust Based Information Sharing Protocol and Security: Digital Government Key Issues
Improved interoperability between public and private organizations is of key
significance to making digital government successful. Digital government
interoperability, information sharing protocols and security are considered the
key issues for achieving a refined stage of digital government. Flawless
interoperability is essential for sharing information between diverse and
dispersed organisations in several network environments by using
computer-based tools. Digital government must ensure security for its
information systems, including computers and networks, in order to provide better
service to citizens. Governments around the world are increasingly
turning to information sharing and integration for solving problems in
programs and policy areas. Problems of global concern such as syndrome discovery and
management, terror campaigns, immigration and border control, prohibited drug
trafficking, and more demand information sharing, harmonization and cooperation
among government agencies within a country and across national borders. A number
of daunting challenges remain for the progress of an efficient information
sharing protocol. A secure and trusted information-sharing protocol is required
to enable users to interact and share information easily and perfectly across
many diverse networks and databases globally.
Comment: 20 page
Privacy In The Smart Grid: An Information Flow Analysis
Project Final Report prepared for CIEE and California Energy Commissio
Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD
Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings
Regulator audit framework
Summary: The framework set out in this paper provides guidance for auditing the performance of regulators in regard to the compliance costs they impose on business and other regulated entities. It complements other frameworks that are used to assess the performance of regulators in regard to their efficiency and effectiveness, and processes for ex ante assessment of the impact of proposed regulations. The framework should be applied within institutional arrangements that establish the authority, resources, and mechanisms to hold regulators to account.
For audits to improve regulator performance in this regard they need to:
develop an audit plan in consultation with business and other stakeholders. This document should set out how the regulator will reduce compliance costs (good practice indicators), and how their achievement of this objective will be assessed (metrics)
reward good performance and sanction poor performance
comply with, and report against, the high level principles for good performance
be public documents, with the audit plans and reports made available on the regulator's website.
In order for the audits to be undertaken in an effective and efficient way they should:
focus on the principles and particular areas of regulator behaviour that have the greatest effect on the cost of compliance for businesses they regulate — these will differ across regulators
select good practice indicators that best reflect regulator behaviour that minimises compliance costs while still achieving the objectives of the regulation
provide metrics at the highest level possible to demonstrate the satisfaction of the principle or indicator, utilising data and information from existing sources where available
require auditors to 'triangulate' information in forming a view of the satisfactory achievement of a principle
be included as a separate module in external audits that examine broader areas of performance of the regulator and regulation.
As part of the broader system that promotes regulation reform and reduces regulatory burden, oversight is needed to:
ensure that audit plans are prepared and that both plans and audit reports are published
coordinate the development of audit plans and audits to minimise the costs to business of participating in the process, and prioritise resources to where the potential for improvement is greatest
facilitate feedback on the quality of the regulations and need for reform
publish a report card facilitating comparison of the performance of regulators and lessons on approaches that have worked well in reducing compliance costs
An Evaluation Schema for the Ethical Use of Autonomous Robotic Systems in Security Applications
We propose a multi-step evaluation schema designed to help procurement agencies and others to examine the ethical dimensions of autonomous systems to be applied in the security sector, including autonomous weapons systems