Modeling Security Risks at the System Design Stage Alignment of Mal Activity Diagrams and SecureUML to the ISSRM Domain Model
Security engineering is one of the important components of system development. It should run through the entire system development process. Unfortunately, in many cases it receives attention only during the development and maintenance of the system.
Many security modeling languages (for example Misuse Case, Secure Tropos) help to manage security risks already at the requirements analysis stage. In this master's thesis we look at the modeling tools (Mal activity diagrams and SecureUML) that are used in system design. More precisely, we investigate to what extent these tools support information systems security risks management (ISSRM).
The result of the work is a table that aligns the constructs of Mal activity diagrams and the SecureUML language with the concepts of the ISSRM domain. We justify our analysis and validate the results obtained on several illustrative examples. We hope that the results will help developers better understand how to take security risks into account at the system design stage. In addition, analysing these languages against a common conceptual background makes it possible in the future to use the languages together and to transform the models created from one language into another.
Security engineering is one of the important concerns during system development. It should be addressed throughout the whole system development process; however, in many cases it is dealt with only during system development and maintenance.
There are several security modeling languages (e.g., Misuse case, Secure Tropos) that help deal with security risk management at the requirements stage. In this thesis, we focus on the modeling languages (e.g., Mal activity diagrams and SecureUML) that are used to design the system. More specifically, we investigate how these languages support information systems security risks management (ISSRM).
The outcome of this work is an alignment table between the Mal activity diagrams and SecureUML language constructs and the ISSRM domain model concepts. We ground our analysis and validate the received results on a number of illustrative examples. We hope that our results will help developers to understand how they can consider security risks at the system design stage. In addition, we open the way for interoperability between different modeling languages that are analysed using the same conceptual background, thus potentially leading to the transformation between these modeling approaches.
An Analytical Study of the Reality of Electronic Documents and Electronic Archiving in the Management of Electronic Documents in the Palestinian Pension Agency (PPA)
The study aims to identify the reality of the management of electronic documents and electronic archiving retirement in the Palestinian Pension Agency (an analytical study), as well as to recognize the reality of the current document management system in the Palestinian Pension Agency.
The study found the following results: the current system for the management of documents in the agency is weak and suffers from many jams. Employees in the agency understand the importance and benefits of an electronic document management system; applying such a system provides important features and benefits, most of which reduce the loss of documents between departments, illustrate the flow path, improve speed, accuracy, and transparency, and reduce the proportion of damaged and destroyed files. Furthermore, the electronic documents system will cost less than the current system and will reduce the tasks assigned to the staff. There is clear adoption by the agency of the policies and procedures established for the application of an electronic document management system. There are weak plans for training and developing staff in the agency to raise their efficiency.
The study reached a set of recommendations, including: increased interest in and awareness of the need to implement policies, mechanisms, and procedures to ensure the success of the electronic document management system by benefiting from the experiences of other organizations and the private sector. The agency needs to increase and develop its services for retirees in order to encourage the private sector, universities, and institutions to join the agency, open the way for all segments of society in Gaza and the West Bank, and enhance its competitiveness among international social security institutions. The agency needs to focus its attention on developing and publishing appropriate clear plans and specific goals for the management of electronic documents, and should be committed to applying them. There is a need to focus on establishing a public management of archiving in the structure, dealing with all technical operations and having competent and qualified employees in the field of electronic document management. There is also a need to focus on the Palestinian National Archives and to follow up on the international standards of the International Council on Archives (ICA).
Towards a Framework for Managing Inconsistencies in Systems of Systems
The growth in the complexity of software systems has led to a proliferation of systems that have been created independently to provide specific functions, such as activity tracking, household energy management or personal nutrition assistance. The runtime composition of these individual systems into Systems of Systems (SoSs) enables support for more sophisticated functionality that cannot be provided by individual constituent systems on their own. However, in order to realize the benefits of these functionalities it is necessary to address a number of challenges associated with SoSs, including, but not limited to, operational and managerial independence, geographic distribution of participating systems, evolutionary development, and emergent conflicting behavior that can occur due to interactions between the requirements of the participating systems. In this paper, we present a framework for conflict management in SoSs. The management of conflicting requirements involves four steps, namely (a) overlap detection, (b) conflict identification, (c) conflict diagnosis, and (d) conflict resolution based on the use of a utility function. The framework uses a Monitor-Analyze-Plan-Execute-Knowledge (MAPE-K) architectural pattern. In order to illustrate the work, we use an example SoS ecosystem designed to support food security at different levels of granularity.
Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications
Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.
Eliciting user requirements with older adults: Lessons from the design of an interactive domestic alarm system
This paper documents how methodological challenges were addressed when identifying user requirements for an Interactive Domestic Alarm System (IDAS) designed to enable older adults to live independently in their own homes for longer. A novel approach to determine possible IDAS functionality is described, and the results of focus groups conducted with older adults and care workers are reported. The paper identifies some difficulties encountered when using the focus group method with an ageing sample, and highlights the importance of careful preparatory work if this method is to be used successfully in such a context.
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems