Framework for Security Transparency in Cloud Computing

The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

Social Media Roadmaps. Exploring the futures triggered by social media.

Social media refers to a combination of three elements: content, user communities and Web 2.0 technologies. This foresight report presents six roadmaps of the anticipated developments of social media in three themes: society, companies, and local environment. One of the roadmaps, the meta-roadmap, is the synthesis of them all. The society sub-roadmap explores societal participation through communities. There are three sub-roadmaps relating to companies: interacting with companies through communities, social media in work environment, and social media enhanced shopping. The local environment sub-roadmap looks at social media in local environment. The roadmapping process was carried out through two workshops at VTT. The results of the report are crystallized into five main development lines triggered by social media. First development line is transparency referring to its increasing role in society, both with positive and negative consequences. The second development line is the rise of ubiquitous participatory communication model. This refers to an increase of two-directional and community-based interactivity in every field, where it has some added value. The third development is reflexive empowerment. This refers to the role of social media as an enabler of grass-root community collaboration. The fourth development line is the duality personalization/fragmentation vs. mass effects/integration. Personalization /fragmentation emphasises the tailoring of the web services and content. This development is counterweighted by mass effects/integration, like the formation of super-nodes in the web. The fifth development line is the new relations of physical and virtual worlds. This development line highlights the idea that practices induced by social media, e.g. communication, participation, co-creation, feedback and rating, will get more common in daily environment, and that virtual and physical worlds will be more and more interlinked.</p

Full Information Product Pricing: An Information Strategy for Harnessing Consumer Choice to Create a More Sustainable World

Research and practice in the information systems (IS) field have been evolving over time, nourishing and promoting the development of applications that transform the relationships of individuals, corporations, and governments. Building on this evolution, we push forward a vision of the potential influence of the IS field into one of the most important problems of our times, an increasingly unsustainable world, which is traditionally considered the product of imperfect markets or market externalities. We describe our work in Full Information Product Pricing (FIPP) and our vision of a FIPP global socio-technical system, I-Choose, as a way to connect consumer choice and values with environmental, social, and economic effects of production and distribution practices. FIPP and I-Choose represent a vision about how information systems research can contribute to interdisciplinary research in supply chains, governance, and market economies to provide consumers with information packages that help them better understand how, where, and by whom the products they buy are produced. We believe that such a system will have important implications for international trade and agreements, for public policy, and for making a more sustainable world

Strategies and Approaches for Exploiting the Value of Open Data

Data is increasingly permeating into all dimensions of our society and has become an indispensable commodity that serves as a basis for many products and services. Traditional sectors, such as health, transport, retail, are all benefiting from digital developments. In recent years, governments have also started to participate in the open data venture, usually with the motivation of increasing transparency. In fact, governments are one of the largest producers and collectors of data in many different domains. As the increasing amount of open data and open government data initiatives show, it is becoming more and more vital to identify the means and methods how to exploit the value of this data that ultimately affects various dimensions. In this thesis we therefore focus on researching how open data can be exploited to its highest value potential, and how we can enable stakeholders to create value upon data accordingly. Albeit the radical advances in technology enabling data and knowledge sharing, and the lowering of barriers to information access, raw data was given only recently the attention and relevance it merits. Moreover, even though the publishing of data is increasing at an enormously fast rate, there are many challenges that hinder its exploitation and consumption. Technical issues hinder the re-use of data, whilst policy, economic, organisational and cultural issues hinder entities from participating or collaborating in open data initiatives. Our focus is thus to contribute to the topic by researching current approaches towards the use of open data. We explore methods for creating value upon open (government) data, and identify the strengths and weaknesses that subsequently influence the success of an open data initiative. This research then acts as a baseline for the value creation guidelines, methodologies, and approaches that we propose. Our contribution is based on the premise that if stakeholders are provided with adequate means and models to follow, then they will be encouraged to create value and exploit data products. Our subsequent contribution in this thesis therefore enables stakeholders to easily access and consume open data, as the first step towards creating value. Thereafter we proceed to identify and model the various value creation processes through the definition of a Data Value Network, and also provide a concrete implementation that allows stakeholders to create value. Ultimately, by creating value on data products, stakeholders participate in the global data economy and impact not only the economic dimension, but also other dimensions including technical, societal and political

1st INCF Workshop on Sustainability of Neuroscience Databases

The goal of the workshop was to discuss issues related to the sustainability of neuroscience databases, identify problems and propose solutions, and formulate recommendations to the INCF. The report summarizes the discussions of invited participants from the neuroinformatics community as well as from other disciplines where sustainability issues have already been approached. The recommendations for the INCF involve rating, ranking, and supporting database sustainability

Disrupting Finance

This open access Pivot demonstrates how a variety of technologies act as innovation catalysts within the banking and financial services sector. Traditional banks and financial services are under increasing competition from global IT companies such as Google, Apple, Amazon and PayPal whilst facing pressure from investors to reduce costs, increase agility and improve customer retention. Technologies such as blockchain, cloud computing, mobile technologies, big data analytics and social media therefore have perhaps more potential in this industry and area of business than any other. This book defines a fintech ecosystem for the 21st century, providing a state-of-the art review of current literature, suggesting avenues for new research and offering perspectives from business, technology and industry

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse