Run-time risk management in adaptive ICT systems

We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers

Semantics for incident identification and resolution reports

In order to achieve a safe and systematic treatment of security protocols, organizations release a number of technical briefings describing how to detect and manage security incidents. A critical issue is that this document set may suffer from semantic deficiencies, mainly due to ambiguity or different granularity levels of description and analysis. An approach to face this problem is the use of semantic methodologies in order to provide better Knowledge Externalization from incident protocols management. In this article, we propose a method based on semantic techniques for both, analyzing and specifying (meta)security requirements on protocols used for solving security incidents. This would allow specialist getting better documentation on their intangible knowledge about them.Ministerio de Economía y Competitividad TIN2013-41086-

Surfacing ERP exploitation risks through a risk ontology

Purpose – The purpose of this paper is to develop a risk identification checklist for facilitating user companies to surface, organise and manage potential risks associated with the post-adoption of Enterprise Resource Planning (ERP) systems. Design/methodology/approach – A desktop study, based on the process of a critical literature review, was conducted by the researchers. The critical review focused on IS and business research papers, books, case studies and theoretical articles, etc. Findings – By systematically and critically analysing and synthesising the literature reviewed, the researchers identified and proposed a total of 40 ERP post-implementation risks related to diverse operational, analytical, organisation-wide and technical aspects. A risk ontology was subsequently established to highlight these ERP risks, as well as to present their potential causal relationships. Research limitations/implications – For researchers, the established ERP risk ontology represents a starting point for further research, and provides early insights into a research field that will become increasingly important as more and more companies progress from implementation to exploitation of ERPs. Practical implications – For practitioners, the risk ontology is an important tool and checklist to support risk identification, prevention, management and control, as well as to facilitate strategic planning and decision making. Originality/value – There is a scarcity of studies focusing on ERP post-implementation in contrast with an over abundance of studies focusing on system implementation and project management aspects. This paper aims to fill this significant research gap by presenting a risk ontology of ERP post-adoption. It represents a first attempt in producing a comprehensive model in its area. No other such models could be found from the literature reviewed

A model for digital preservation repository risk relationships

The paper introduces the Preserved Object and Repository Risk Ontology (PORRO), a model that relates preservation functionality with associated risks and opportunities for their mitigation. Building on work undertaken in a range of EU and UK funded research projects (including the Digital Curation Centre , DigitalPreservationEurope and DELOS ), this ontology illustrates relationships between fundamental digital library goals and their parameters; associated rights and responsibilities; practical activities and resources involved in their accomplishment; and risks facing digital libraries and their collections. Its purpose is to facilitate a comprehensive understanding of risk causality and to illustrate opportunities for mitigation and avoidance. The ontology reflects evidence accumulated from a series of institutional audits and evaluations, including a specific subset of digital libraries in the DELOS project which led to the definition of a digital library preservation risk profile. Its applicability is intended to be widespread, and its coverage expected to evolve to reflect developments within the community. Attendees will gain an understanding of the model and learn how they can utilize this online resource to inform their own risk management activities

A semantic approach to reachability matrix computation

The Cyber Security is a crucial aspect of networks management. The Reachability Matrix computation is one of the main challenge in this field. This paper presents an intelligent solution in order to address the Reachability Matrix computational proble

An Ontology for Product-Service Systems

Industries are transforming their business strategy from a product-centric to a more service-centric nature by bundling products and services into integrated solutions to enhance the relationship between their customers. Since Product- Service Systems design research is currently at a rudimentary stage, the development of a robust ontology for this area would be helpful. The advantages of a standardized ontology are that it could help researchers and practitioners to communicate their views without ambiguity and thus encourage the conception and implementation of useful methods and tools. In this paper, an initial structure of a PSS ontology from the design perspective is proposed and evaluated