1,284 research outputs found

    Conception d’un tableau de bord stratégique en sécurité de l’information pour le soutien de la conscience de la situation (Designing a strategic information security dashboard to support situation awareness)

    The Chief Information Security Officer (CISO) aims to ensure that the board of directors and senior executives have a good understanding of the organization's current information security situation, and then to act as a strategic advisor for decisions that affect information security. To achieve these objectives, the CISO must have access to reliable and complete information in a timely manner. Because strategic reporting of such a quantity of information is a complex process, it requires the use of tools such as the management dashboard, defined as a one-page summary of the critical information that allows the user to achieve their objectives. This article proposes a method for designing a strategic information security dashboard to support situation awareness, which allows a strategic information security stakeholder to have a good understanding of their environment. The article then offers an overview of the value of this method by presenting a dashboard mock-up designed for the CISO of a Canadian financial institution and their team. It also documents the challenges encountered during the design process.
Abstract: The Chief Information Security Officer (CISO) is the senior-level executive who ensures that the board and the executives have a good understanding of the current information security posture of the organization. To fulfill this objective, the CISO needs to have access to reliable, complete and relevant information in a timely manner to allow them to communicate effectively and to take the best decisions. Widely viewed as a great enabler of good performance management, the dashboard is a one-pager summary of the information that allows users to meet their objectives.
This paper describes a method that makes it possible to consistently design dashboards that support situation awareness, giving users a good understanding of their environment in order for them to reach their goals. It then creates an example of such a dashboard that targets information security strategic stakeholders such as the CISO in the context of a Canadian financial institution, giving insights into the challenges faced in the design process.

    Holistic Security and Safety for Factories of the Future

    The accelerating transition of traditional industrial processes towards fully automated and intelligent manufacturing is being witnessed in almost all segments. This major adoption of enhanced technology and digitization processes has been originally embraced by the Factories of the Future and Industry 4.0 initiatives. The overall aim is to create smarter, more sustainable, and more resilient future-oriented factories. Unsurprisingly, introducing new production paradigms based on technologies such as machine learning (ML), the Internet of Things (IoT), and robotics does not come at no cost as each newly incorporated technique poses various safety and security challenges. Similarly, the integration required between these techniques to establish a unified and fully interconnected environment contributes to additional threats and risks in the Factories of the Future. Accumulating and analyzing seemingly unrelated activities, occurring simultaneously in different parts of the factory, is essential to establish cyber situational awareness of the investigated environment. Our work contributes to these efforts, in essence by envisioning and implementing the SMS-DT, an integrated platform to simulate and monitor industrial conditions in a digital twin-based architecture. SMS-DT is represented in a three-tier architecture comprising the involved data and control flows: edge, platform, and enterprise tiers. The goal of our platform is to capture, analyze, and correlate a wide range of events being tracked by sensors and systems in various domains of the factory. For this aim, multiple components have been developed on the basis of artificial intelligence to simulate dominant aspects in industries, including network analysis, energy optimization, and worker behavior. A data lake was also used to store collected information, and a set of intelligent services was delivered on the basis of innovative analysis and learning approaches. 
Finally, the platform was tested in a textile industry environment and integrated with its ERP system. Two misuse cases were simulated to track the factory machines, systems, and people and to assess the role of SMS-DT correlation mechanisms in preventing intentional and unintentional actions. The results of these misuse case simulations showed how the SMS-DT platform can intervene in two domains in the first scenario and three in the second one, resulting in correlating the alerts and reporting them to security operators in the multi-domain intelligent correlation dashboard.
The present work has been developed under the EUREKA ITEA3 Project Cyber-Factory#1 (ITEA-17032) and Project CyberFactory#1PT (ANI—P2020 40124) co-funded by Portugal 2020. Furthermore, this work also received funding from the project UIDB/00760/2020.

    Privacy Dashboards for Citizens and GDPR Services for Small Data Holders: A Literature Review

    Citizens have gained many rights with the GDPR, e.g. the right to get a copy of their personal data. In practice, however, this is fraught with problems for citizens and small data holders. We present a literature review on solutions promising relief in the form of privacy dashboards for citizens and GDPR services for small data holders. Covered topics are analyzed, categorized and compared. This ought to be a step towards both enabling citizens to exercise their GDPR rights and supporting small data holders to comply with their GDPR duties. Comment: 27 pages

    Occupational Safety and Health 5.0—A Model for Multilevel Strategic Deployment Aligned with the Sustainable Development Goals of Agenda 2030

    The concept of Industry 4.0 (I4.0) is evolving towards Industry 5.0 (I5.0), where the human factor is the central axis for the formation of smart cyber-physical socio-technical systems that are integrated into their physical and cultural host environment. This situation generates a new work ecosystem with a radical change in the methods, processes and development scenarios and, therefore, in the occupational risks to which safety science must respond. In this paper, a historical review of the evolution of work as a complex socio-technical system formalised through Vygotsky’s theory of Activity and the contributions of safety science is carried out, for its projection in the analysis of the future of complex systems as an opportunity for safety research linked to the current labour context in transformation. Next, the Horizon 2020 strategies for Occupational Safety and Health (OSH) at the European level are analysed to extract the lessons learned and extrapolate them towards the proposed model, and subsequently the conceptual frameworks that are transforming work and Occupational Risk Prevention (ORP) in the transition to Industry 4.0 are identified and reviewed. Finally, a model is formulated that formalises the deployment of public policies and multi-level and multi-scale OSH 5.0 strategies within the framework of the Sustainable Development Goals (SDGs) of the United Nations (UN) for Horizon 2030.

    Human dimensions in cyber operations research and development priorities.


    Leveraging VR/AR/MR/XR Technologies to Improve Cybersecurity Education, Training, and Operations

    The United States faces persistent threats conducting malicious cyber campaigns that threaten critical infrastructure, companies and their intellectual property, and the privacy of its citizens. Additionally, there are millions of unfilled cybersecurity positions, and the cybersecurity skills gap continues to widen. Most companies believe that this problem has not improved and nearly 44% believe it has gotten worse over the past 10 years. Threat actors are continuing to evolve their tactics, techniques, and procedures for conducting attacks on public and private targets. Education institutions and companies must adopt emerging technologies to develop security professionals and to increase cybersecurity awareness holistically. Leveraging Virtual/Augmented/Mixed/Extended Reality technologies for education, training, and awareness can augment traditional learning methodologies and improve the nation’s cybersecurity posture. This paper reviews previous research to identify how distance and remote education are conducted generally, and how Virtual/Augmented/Extended/Mixed reality technologies are used to conduct cybersecurity awareness training, cybersecurity training, and conduct operations. Finally, barriers to adopting these technologies will be discussed. Understanding how these technologies can be developed and implemented provides one potential way of overcoming the cybersecurity workforce gap and increasing the competencies and capabilities of cybersecurity professionals.

    A New Concept of Digital Twin Supporting Optimization and Resilience of Factories of the Future

    In the context of Industry 4.0, a growing use is being made of simulation-based decision-support tools commonly named Digital Twins. Digital Twins are replicas of the physical manufacturing assets, providing means for the monitoring and control of individual assets. Although extensive research on Digital Twins and their applications has been carried out, the majority of existing approaches are asset specific. Little consideration is made of human factors and interdependencies between different production assets are commonly ignored. In this paper, we address those limitations and propose innovations for cognitive modeling and co-simulation which may unleash novel uses of Digital Twins in Factories of the Future. We introduce a holistic Digital Twin approach, in which the factory is not represented by a set of separated Digital Twins but by a comprehensive modeling and simulation capacity embracing the full manufacturing process including external network dependencies. Furthermore, we introduce novel approaches for integrating models of human behavior and capacities for security testing with Digital Twins and show how the holistic Digital Twin can enable new services for the optimization and resilience of Factories of the Future. To illustrate this approach, we introduce a specific use-case implemented in the field of Aerospace System Manufacturing.
    The present work was developed under the EUREKA–ITEA3 Project CyberFactory#1 (ITEA-17032), co-funded by Project CyberFactory#1PT (ANI|P2020 40124), from FEDER Funds through NORTE2020 program and from National Funds through FCT under the project UID/EEA/00760/2019 and by the Federal Ministry of Education and Research (BMBF, Germany, funding No. 01IS18061C).

    Improving Information Alignment and Distributed Coordination for Secure Information Supply Chains

    Industries are constantly striving to incorporate the latest technology systems into their operations so that they can maintain a competitive edge in their respective markets. However, even when they are able to stay up to speed with technological advancement, there continues to be a gap between the workforce skill set and available technologies. Organizations may acquire advanced systems, yet end up spending extended periods of time in the implementation and deployment phases, resulting in lost resources and productivity. The primary focus of this research is on streamlining the implementation and integration of new information technology systems to avoid the dire consequences of the process being prolonged or inefficient. Specifically, the goal of this research is to mitigate business challenges in information sharing and availability for employees and managers interacting with business tools and each other. This was accomplished by first interviewing work professionals in order to identify gap parameters. Based on the interview findings, recommendations were made in order to enhance the usability of existing tools. At this point, the research setting was shifted from network operations to supply chain operations due to the restrictive nature of network operations. The research team succeeded in developing a user-centered methodology to implement and deploy new business systems to mitigate risk during integration of new systems as the transition is made from the classic way of performing tasks. While this methodology was studied in supply chain operations, it enabled the identification of a common trend of challenges in operations work settings, regardless of the business application. Hence the findings of this research can be extrapolated to any business setting, besides the ones actually studied by the team. 
In addition, this research ensures that operational teams are able to maximize their benefit out of the technology available, thus enabling them to keep up with the rapidly evolving world of technology while minimizing sacrifices in resources or productivity in the process.