Legal compliance support with an ontology-based information system

The Internet and Information Systems evolution have dramatically increased the amount of information hold by governments and companies. This information can be very sensitive, specially regarding personal data, so governments and industries promote acts and guidelines in order to ensure privacy and data security. Thus, companies have to consider legal and Information Technology (IT) compliance. Nevertheless, compliance assessment is still a manual task performed by experts, but steps towards an automated compliance assessment, both in IT and legal, are in progress. In this paper we introduce the Neurona framework, a software application based on legal and security ontologies that aims at providing organizations with legal compliance support

Enforcing Privacy by Means of an Ontology Driven XACML Framework

Nowadays enforcing privacy in enterprises is recognized as an issue of impact. Actually, it is a big challenge to adapt normative laws and regulations in a software system. It is a challenging task to include the formalized laws and rules in enterprises since e.g. more than one regulation may affect the terms of privacy concerning one situation. Traditional access control provides a general mechanism for assigning rights to individual users or roles. In the context of privacy this is insufficient; it offers no means to fulfil certain aspects such as limitations to the duration for which private data may be stored. To enforce privacy in enterprises we further need a fine granular access control mechanism on the data entities to ensure that every aspect of privacy can be reflected. This paper provides a novel solution for this by means of ontologies. The usage of ontologies in our approach differs from the conventional form in focusing on generating access control policies which are adapted from our software framework to provide fine granular access on the diverse data sources