Generic security templates for information system security arguments: mapping security arguments within healthcare systems

Industry reports indicate that the number of security incidents happened in healthcare organisation is increasing. Lessons learned (i.e. the causes of a security incident and the recommendations intended to avoid any recurrence) from those security incidents should ideally inform information security management systems (ISMS). The sharing of the lessons learned is an essential activity in the “follow-up” phase of security incident response lifecycle, which has long been addressed but not given enough attention in academic and industry. This dissertation proposes a novel approach, the Generic Security Template (GST), aiming to feed back the lessons learned from real world security incidents to the ISMS. It adapts graphical Goal Structuring Notations (GSN), to present the lessons learned in a structured manner through mapping them to the security requirements of the ISMS. The suitability of the GST has been confirmed by demonstrating that instances of the GST can be produced from real world security incidents of different countries based on in-depth analysis of case studies. The usability of the GST has been evaluated using a series of empirical studies. The GST is empirically evaluated in terms of its given effectiveness in assisting the communication of the lessons learned from security incidents as compared to the traditional text based approach alone. The results show that the GST can help to improve the accuracy and reduce the mental efforts in assisting the identification of the lessons learned from security incidents and the results are statistically significant. The GST is further evaluated to determine whether users can apply the GST to structure insights derived from a specific security incident. The results show that students with a computer science background can create an instance of the GST. The acceptability of the GST is assessed in a healthcare organisation. Strengths and weaknesses are identified and the GST has been adjusted to fit into organisational needs. The GST is then further tested to examine its capability to feed back the security lessons to the ISMS. The results show that, by using the GST, lessons identified from security incidents from one healthcare organisation in a specific country can be transferred to another and can indeed inform the improvements of the ISMS. In summary, the GST provides a unified way to feed back the lessons learned to the ISMS. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents around the world

Inter-diagrammatic reasoning

Although research in diagrammatic reasoning is as old as research in artificial intelligence itself, it has only recently aroused from a long dormancy induced by a bias toward symbolic computing. This resurgence of interest has been almost exclusively slanted towards the investigation of how a computer might be coaxed into generating information from isolated diagrams. In contrast, we examine how a computer might reason with groups of related diagrams inferring, for example, weather information from a suite of cartograms or the best move in a game from a sequence of diagrams delineating moves up to the current point. Diagrammatic reasoning research has rarely been conducted from this perspective and never with this distinction in mind. We contend that there are many diagrammatic domains that will prove amenable to this inter-diagrammatic perspective and that much can be learned about diagrammatic reasoning in general from such research. In particular, we (1) distinguish inter-diagrammatic and intra-diagrammatic reasoning, (2) define the syntax and semantics of a general diagram useful across a number of domains, (3) define a set of operators and functions that can effect inter-diagrammatic reasoning across a number of domains, (4) describe the formal properties of this set, and explore the relationship of this set with more traditional sets of operators, (5) codify the process by which a diagrammatic domain can be suitably defined to profit from these diagrammatic operators, (6) develop a variety of examples of inter-diagrammatic reasoning in a number of different domains including formal presentation and coding, (7) examine the possibility and utility of combining inter-diagrammatic reasoning with other AI reasoning paradigms, and (8) provide a selection of topics for further research in inter-diagrammatic reasoning.

Relating Two Image-Based Diagrammatic Reasoning Architectures

Additional supportive materials, most notably video versions of many of the figures, are included in this item.This paper is in press, and will appear in the proceedings of the "Diagrams 2010" conference, published as a volume in the Springer series, Lecture Notes in Computer Science.To advance the understanding of different diagrammatic reasoning architectures that reason directly with images, we examine the relationship between Anderson's Inter-Diagrammatic Reasoning (IDR) architecture and Furnas' BITPICT architecture using the technique of cross-implementation. Implementing substantial functionality of each in the other, and noting what is easy and what is difficult, yields insights into the two architectures and such systems in general.Supported in part by the National Science Foundation under grant number IIS-9820368Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/9/bitpictIDR-Figure-13-MAP-MAX-annotated.movhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/8/bitpictIDR-Figure-12-FILTER-LT2-v2-annotated.movhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/7/bitpictIDR-Figure-11-AccumulateOverlay-v2-annotated.movhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/6/bitpictIDR-Figure-10-NULLpredicate-annotated.movhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/5/bitpictIDR-Figure-9B-Overlay-NOT-AND-annotated.movhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/4/bitpictIDR-Figure-9A-MoveDataLeft-annotated.movhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/3/bitpictIDR-FIgure-8B-AND-annotated.movhttp://deepblue.lib.umich.edu/bitstream/2027.42/65116/2/bitpict-IDR-Figure-8A-NOT-annotated.mo

Computational geometry in digital space

This work investigates digital space in terms of geometrical and topological properties. It also examines the applicability of digital space on different problem domains. The first problem area relates to the topology of regions on 2D space, proposing algorithms to infer topological relationships between regions in planar space. Geometrical relationships that required boundary definition were handled with extra overhead (as cell complexes) by other researchers. ^ The second problem area concerns geometrical problems defined for isothetic rectangles. Isothetic rectangles have been a graphical representation for concurrency control since 1980\u27s. However, current systems lack a visual view of the system with a tool to verify the solution given. I present in this research a new graphical technique based on Yannakakis progress graphs that provide a safe and deadlock free solution. This new framework will allow dynamic mode of operation for calculating or verifying a safe schedule rather than restricting the solution to static systems where all required resources must be reserved in advance. ^ The third area relates to 3D rendering. In 3D visualization, the visual faces of the objects in the scene have to be defined, as some objects overlay others depending on their depth. There exists a technique called z-buffering that keeps track of the depth of each pixel in the screen buffer. This technique is simple but has some limitations such as it consumes the bandwidth. We enhanced that technique using IDR technology to reduce the redundant computations that can reduce the bandwidth problem. ^ We defined a diagrammatic reasoning framework to solve geometric problems in discrete space. This framework is applicable as a diagrammatic reasoning mechanism. In addition IDR has a parallel nature. The inter-diagrammatic reasoning (IDR) operators compute on the pixel level independently, which speeds up the complexity of the IDR algorithms. IDR works on the diagram as a whole allowing for a compact specification as a set of diagrams and can be considered in an IDR equation to compute the required solution. This technique is application independent as it is general enough to be defined as a framework for diagrammatic reasoning . ^ For all of these problems, we shall focus on tractable algorithms using IDR.