Managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing today. An attempt to address this issue led to the proposed security paradigm called Identity and Access Management (IAM) service based on IAM standards. Current approaches such as Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS) and Security Assertion Markup Language (SAML) lack comprehensive analysis from conception to physical implementation to incorporate these solutions thereby resulting in impractical and fractured solutions. In this paper, we have implemented Identity and Access Management System (IAMSys) using the Lightweight Directory Access Protocol (LDAP) which focuses on authentication, authorization, administration of identities and audit reporting. Its primary concern is verification of the identity of the entity and granting correct level of access for resources which are protected in either the cloud environment or on-premise systems. A phased approach methodology was used in the research where it requires any enterprise or organization willing to adopt this must carry out a careful planning and demonstrated a good understanding of the technologies involved. The results of the experimental evaluation indicated that the average rating score is 72.0 % for the participants involved in this study. This implies that the idea of IAMSys is a way to mitigating security challenges associated with authentication, authorization, data protection and accountability if properly deployed
4th International Conference on Open RepositoriesThis presentation was part of the session : Conference PresentationsDate: 2009-05-19 03:00 PM â 04:30 PMLong-term preservation and stewardship of scientific data and research-related information is paramount to the future of science and scholarship. Disciplinary and interdisciplinary scientific data archives can offer capabilities for managing and preserving data for research, education, and decision-making activities of future communities representing various scientific and scholarly disciplines. However, meeting the requirements for a trusted digital repository presents challenges to ensure that archived collections will be discoverable, accessible, and usable in the future. Assessing whether scientific data archives meet the requirements for trustworthy repositories will help to ensure that todayâ s collections of scientific data will be available in the future. A continuing self-assessment of a long-term archive for interdisciplinary scientific data is being conducted to identify improvements needed to become a trustworthy repository for managing and providing access to interdisciplinary scientific data by future communities of users. Recommendations are offered for archives of scientific data to meet the requirements of a trustworthy repository.NAS
The Service Oriented Architecture (SOA) approach enables the development of flexible distributed applications. Auditing such applications implies several specific challenges related to interoperability, performance and security. The service oriented architecture model is described and the advantages of this approach are analyzed. We also highlight several quality attributes and potential risks in SOA applications that an architect should be aware when designing a distributed system. Key risk factors are identified and a model for risk evaluation is introduced. The top reasons for auditing SOA applications are presented as well as the most important standards. The steps for a successful audit process are given and discussed.Service Oriented Architecture, Audit, Quality Attributes, Interoperability, Performance, Security
[Excerpt] I am pleased to submit this Semiannual Report to Congress, which highlights the most significant activities and accomplishments of the U.S. Department of Labor, Office of Inspector General (DOL-OIG), for the six-month period ending September 30, 2009. During this reporting period, our investigative work led to 214 indictments, 221 convictions, and 123.1millioninmonetaryaccomplishments.Inaddition,weissued22auditandotherreports.OIGauditsandinvestigationscontinuetoassesstheeffectiveness,efficiency,economy,andintegrityofDOLâsprogramsandoperations.Wealsocontinuetoinvestigatelaborracketeeringand/ororganizedcrimeinfluenceagainstunions,employeebenefitplans,andworkers.Fromanauditperspective,theOIGishighlyengagedinensuringtheintegrityofDOLactivitiesrelatedtotheAmericanRecoveryandReinvestmentActof2009(RecoveryAct)funding.Duringthisreportingperiod,weissuedfivereportstothatend.AmongourfindingsarethatDOLimplementedproceduresfortheaccountingofRecoveryActfinancialactivity,actedquicklytoimplementthepremiumâassistanceprovisionsforworkerswhotemporarilymaintaintheirhealthinsuranceatgroupratesafterlosingtheirjobs,andeffectivelyimplementedthetemporaryprogramforadditionalunemploymentcompensationforeligiblerecipients.Wealsoidentifiedareasforimprovementrelatedtofinancialandperformancereportingandprogrammaticcoordinationwithstates.AnauditfoundshortcomingswithDOLâsnewiCertsystem,whichisdesignedtoidentifyinaccuraciesinHâ1Blaborconditionapplications(LCAs)forforeignworkers.Wefoundthat,becauseofmissingelectronicchecks,manualreviewsoftheLCAsbyanalystsarenecessary.However,increasesinthevolumeofapplicationsmayresultinanalystsnotbeingabletoperforma100percentreview.ThisincreasestheriskofLCAsbeingimproperlycertified.OurauditsalsocontinuetorevealthatsomeJobCorpscentersdonotcomplywithrequirementsforreportingperformanceforstudentattendanceandaccountability.Wealsofoundthat,atthreecenters,acontractorhadnotensuredcompliancewithprocedurestoaddressstudentmisconduct.AnauditofthehandlingofinjuredFederalemployeesâreemploymentstatusattwoFederalworkersâcompensationdistrictofficesfoundthattheDepartmentdidnotensurethatconsistentinterventionactionsweretakentowardremovingcasesfromtheperiodicroll.ThisincreasedtheriskofclaimantscontinuingtoreceivefullFederalEmployeeâsCompensationActbenefitsaftertheywereabletoreturntoworkoraftertheircompensationcouldhavebeenreduced.Ourinvestigationscontinuetocombatorganizedcrimeand/orlaborracketeeringinvolvingthemoniesinunionâsponsoredbenefitplans,internalunioncorruption,andlaborâmanagementrelations.AmajorOIGinvestigationdisclosedmorethan30yearsoforganizedcrimecontroloftheInternationalLongshoremenâsAssociationLocal1235,whichrepresentsportworkersinNewJersey.Inanotherinvestigation,thebusinessmanagerfortheElectricalWorkersLocalUnionNo.3,whowasaformerNewYorkStateassemblyman,wassentencedto10yearsâimprisonmentonracketeering,bankfraud,andfalsestatementchargesinvolvinganumberofschemescarriedoutforpersonalgain.OIGinvestigationsalsoidentifiedvulnerabilitiesandfraudinDOLprograms,suchastheforeignlaborcertification(FLC)program.OneOIGinvestigationledtotherecentsentencingofViktarKrusandhiscoâconspiratorstovariousperiodsofincarcerationforfraudulentlyobtainingvisasformorethan3,800foreignnationalsanddefraudingthegovernmentof7.4 million in payroll taxes. Because of our investigative expertise, the OIG is a member of the International Organized Crime (IOC) strategy headed by the U.S. Attorney General. The IOC is committed to combating crime by international organized groups.
Finally, I would like to express my sincere gratitude to former DOL Inspector General Gordon S. Heddell, who is now serving as the Inspector General at the U.S. Department of Defense. During his leadership of more than eight years, the DOL-OIG consistently achieved significant results similar to those presented in this report. As Acting Inspector General, I look forward to continuing to work with the Secretary of Labor and her management team in ensuring the effectiveness of DOL in delivering services and protecting the rights and benefits of American workers and retirees
Electronic business (e-business) are different than other business because it involves any commercial or business activity that takes place by means of electronic facilities (buy and selling online), including on the Internet, proprietary networks and home banking, instead of through direct physical exchange or contact. This system creates an environment that operates at a much greater speed than traditional methods and involves much less paperâbased evidence of activities. These e-business related risks should not be considered in isolation but rather as part of the overall internal control framework of an entity. It is essential to identify and assess the risks associated with an e-business environment and management should develop an e-business strategy that identifies and addresses risks. The e-business Information Systems (IS) audit is a critical component of the e-business plan. This paper tries to present a risk analysis for e-business applications in order to establish the IS audit particularities in this field.e-business, risk analysis, IS audit, confidentiality, reliability, integrity, availability