Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case

The fragility of functional work systems in steel

The I/N case offers insight into the interrelationship between work systems, living standards and performance. It demonstrates that a high road approach and functional work systems positively impact stakeholders’ lives, improve production efficiency and benefit the local and macro-level economies and societies in which they are embedded. It also shows that such work systems can be implemented in contexts with a history of adversarial labor-management relations. However, broader external forces can conspire to make it very difficult for firms to sustain functional work systems despite initial successes in specific contexts. Financial markets in particular make long term commitment to stakeholder groups other than shareholders (i.e. employees, suppliers and communities) conditional on profit maximization and share price appreciation. Yet the logic of profit maximization for the benefit of shareholders leads to short termist decisions that undermine the very commitments that were so necessary for creating a new work system: security is threatened, training is put on the back burner; trust is irreparably undermined. Indeed, because of the inherent contradiction between strategic approaches to maximizing stock market and long term product market success, these high road systems are fragile in national frameworks that subject them to low road pressures without a forum for resolving the difficulties that arise from opposing market pressures and responses

Accommodation requirements for microgravity science and applications research on space station

Scientific research conducted in the microgravity environment of space represents a unique opportunity to explore and exploit the benefits of materials processing in the virtual abscence of gravity induced forces. NASA has initiated the preliminary design of a permanently manned space station that will support technological advances in process science and stimulate the development of new and improved materials having applications across the commercial spectrum. A study is performed to define from the researchers' perspective, the requirements for laboratory equipment to accommodate microgravity experiments on the space station. The accommodation requirements focus on the microgravity science disciplines including combustion science, electronic materials, metals and alloys, fluids and transport phenomena, glasses and ceramics, and polymer science. User requirements have been identified in eleven research classes, each of which contain an envelope of functional requirements for related experiments having similar characteristics, objectives, and equipment needs. Based on these functional requirements seventeen items of experiment apparatus and twenty items of core supporting equipment have been defined which represent currently identified equipment requirements for a pressurized laboratory module at the initial operating capability of the NASA space station

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India

Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS

Many safety and mission critical systems depend on the correct and secure operation of both supportive and core software systems. E.g., both the safety of personnel and the effective execution of core missions on an oil platform depend on the correct recording storing, transfer and interpretation of data, such as that for the Logging While Drilling (LWD) and Measurement While Drilling (MWD) subsystems. Here, data is recorded on site, packaged and then transferred to an on-shore operational centre. Today, the data is transferred on dedicated communication channels to ensure a secure and safe transfer, free from deliberately and accidental faults. However, as the cost control is ever more important some of the transfer will be over remotely accessible infrastructure in the future. Thus, communication will be prone to known security vulnerabilities exploitable by outsiders. This paper presents a model that estimates risk level of known vulnerabilities as a combination of frequency and impact estimates derived from the Common Vulnerability Scoring System (CVSS). The model is implemented as a Bayesian Belief Network (BBN)

Grid simulation services for the medical community

The first part of this paper presents a selection of medical simulation applications, including image reconstruction, near real-time registration for neuro-surgery, enhanced dose distribution calculation for radio-therapy, inhaled drug delivery prediction, plastic surgery planning and cardio-vascular system simulation. The latter two topics are discussed in some detail. In the second part, we show how such services can be made available to the clinical practitioner using Grid technology. We discuss the developments and experience made during the EU project GEMSS, which provides reliable, efficient, secure and lawful medical Grid services

New intelligent network approach for monitoring physiological parameters : the case of Benin

Benin health system is facing many challenges as: (i) affordable high-quality health care to a growing population providing need, (ii) patients’ hospitalization time reduction, (iii) and presence time of the nursing staff optimization. Such challenges can be solved by remote monitoring of patients. To achieve this, five steps were followed. 1) Identification of the Wireless Body Area Network (WBAN) systems’ characteristics and the patient physiological parameters’ monitoring. 2) The national Integrated Patient Monitoring Network (RIMP) architecture modeling in a cloud of Technocenters. 3) Cross-analysis between the characteristics and the functional requirements identified. 4) Each Technocenter’s functionality simulation through: a) the design approach choice inspired by the life cycle of V systems; b) functional modeling through SysML Language; c) the communication technology and different architectures of sensor networks choice studying. 5) An estimate of the material resources of the national RIMP according to physiological parameters. A National Integrated Network for Patient Monitoring (RNIMP) remotely, ambulatory or not, was designed for Beninese health system. The implementation of the RNIMP will contribute to improve patients’ care in Benin. The proposed network is supported by a repository that can be used for its implementation, monitoring and evaluation. It is a table of 36 characteristic elements each of which must satisfy 5 requirements relating to: medical application, design factors, safety, performance indicators and materiovigilance