A model for digital preservation repository risk relationships

The paper introduces the Preserved Object and Repository Risk Ontology (PORRO), a model that relates preservation functionality with associated risks and opportunities for their mitigation. Building on work undertaken in a range of EU and UK funded research projects (including the Digital Curation Centre , DigitalPreservationEurope and DELOS ), this ontology illustrates relationships between fundamental digital library goals and their parameters; associated rights and responsibilities; practical activities and resources involved in their accomplishment; and risks facing digital libraries and their collections. Its purpose is to facilitate a comprehensive understanding of risk causality and to illustrate opportunities for mitigation and avoidance. The ontology reflects evidence accumulated from a series of institutional audits and evaluations, including a specific subset of digital libraries in the DELOS project which led to the definition of a digital library preservation risk profile. Its applicability is intended to be widespread, and its coverage expected to evolve to reflect developments within the community. Attendees will gain an understanding of the model and learn how they can utilize this online resource to inform their own risk management activities

Comprehensive Security Framework for Global Threats Analysis

Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of thread arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threads. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios

Technology-based Practical Blockchain System Audit Maturity Model

Information system auditing can reveal the quality of such systems, and standard audit items are crucial elements of system and audit quality. Blockchain technology is currently being applied to various areas including the financial, manufacturing, healthcare, distribution, and public sectors, and an increasing number of systems that apply such technologies are also being developed.The current audit model is insufficient for application in the field, and the auditing of systems applying new technologies, such as blockchain, has not been given sufficient attention. Furthermore, it is difficult to evaluate the relative levels of audited systems using audit results. Existing studies have only examined the auditing of systems that apply blockchain. Although the Korea Association of Information Systems Audit has suggested a checklist for systems applying blockchain, it has yet to be adopted. To address this problem, 50 existing audit result reports and technical data were collected, from which sixteen factors of four audit quality properties consisting of blockchain system, technology compliance, software quality, and document were derived. Furthermore, an audit maturity model was presented after evaluating the priorities of the 16 derived factors. The results of the evaluation of the priorities of audit items indicated that auditors give a higher importance to technology-based than document-based audits of information systems. This study contributes to the literature by deriving field-oriented audit items including blockchain technology, thus enabling practical audits to be conducted in a short time. Further, this study enables the maturity of systems to be compared based on audit results by presenting audit maturity

Using Ontologies for the Design of Data Warehouses

Obtaining an implementation of a data warehouse is a complex task that forces designers to acquire wide knowledge of the domain, thus requiring a high level of expertise and becoming it a prone-to-fail task. Based on our experience, we have detected a set of situations we have faced up with in real-world projects in which we believe that the use of ontologies will improve several aspects of the design of data warehouses. The aim of this article is to describe several shortcomings of current data warehouse design approaches and discuss the benefit of using ontologies to overcome them. This work is a starting point for discussing the convenience of using ontologies in data warehouse design.Comment: 15 pages, 2 figure

Continuous Process Auditing (CPA): an Audit Rule Ontology Approach to Compliance and Operational Audits

Continuous Auditing (CA) has been investigated over time and it is, somewhat, in practice within nancial and transactional auditing as a part of continuous assurance and monitoring. Enterprise Information Systems (EIS) that run their activities in the form of processes require continuous auditing of a process that invokes the action(s) speci ed in the policies and rules in a continuous manner and/or sometimes in real-time. This leads to the question: How much could continuous auditing mimic the actual auditing procedures performed by auditing professionals? We investigate some of these questions through Continuous Process Auditing (CPA) relying on heterogeneous activities of processes in the EIS, as well as detecting exceptions and evidence in current and historic databases to provide audit assurance

No accounting for risk

At the present time, the relation between accounting praxis and risk is not well understood. Accounting praxis does not appear to regard the risk it identifies with its activities as being different from 'objective risk' - the concept of risk found in positive financial and accounting research. Instead accounting praxis (as reflected in case studies, surveys and other empirical studies) reveal a collection of different, sometimes contradictory, conceptions and 'taken for granted' understandings of risk that are invoked and applied on an ad hoc, case by case basis. The aim of this paper is to demonstrate that the conceptual disarray in accounting for risk is both costly and unnecessary. Taking an interdisciplinary approach to risk research, the authors review developments in risk thinking at the end of the 20th Century and highlight a way forward for accounting through New Paradigm Risk (NPR). Various illustrations and case study examples are drawn upon to reflect the relevance of NPR to accounting praxis

A knowledge development lifecycle for reflective practice

Reflective practice is valuable because of its potential for continuous improvement through feedback and learning. Conventional models of knowledge practice however do not explicitly include reflection as part of the practice, nor locate it in a developmental cycle. They focus on modelling in a knowledge plane which itself is contextualised by active knowing processes, and ignore the influence of power in their activity models. Further, many models focus on either an artefact or a process view, resulting from a conceptual disconnect between knowledge and knowing, and failure to relate passive to active views. Using the idea of higher order loops that govern knowledge development processes, in this paper we propose a conceptualisation of a reflective Knowledge Development Life Cycle (KDLC). This explicitly includes the investigator and the organisation itself as dynamic components of a systemic process and is suited to either a constructivist or realist epistemological stance. We describe the stages required in the KDLC and discuss their significance. Finally we show how incorporation of reflection into process enables dynamic interplay between the knowing and the knowledge in the organisation