9 research outputs found
A Semantic Rule-Based Approach for Software Privacy by Design
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the URI link. Open access journal
Information system business is currently witnessing an increasing demand for system conformance with the international regime of GRC Governance, Risk and Compliance. Among different compliance approaches, data protection and privacy laws play a key role. In this paper, we propose a compliance requirement analysis method from early stages of system modelling based on a semantically-rich model, where a mapping can be established from data protection and privacy requirements defined by laws and regulations to system business goals and contexts. The early consideration of requirements satisfies Privacy by Design, a key concept in General Data Protection Regulation 2012. The proposed semantic model consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance related to system along with relationships and rules between these concepts that encompass the domain knowledge. The main contribution of the work presented in this paper is the ontology-based compliance framework that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology
A High-Level Scheme for an Ontology-Based Compliance Framework in Software Development
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
Software development market is currently witnessing an increasing demand for software applications conformance with the international regime of GRC for Governance, Risk and Compliance. In this paper, we propose a compliance requirement analysis method for early stages of software development based on a semantically-rich model, where a mapping can be established from legal and regulatory requirements relevant to system context to software system business goals and contexts. The proposed semantic model consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance and risk assessment domain related to system development along with relationships and rules between concepts that comprise the domain knowledge. The main contribution of the work presented in this paper is a case study that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology
A Semantic Rule-Based Approach for Software Privacy by Design
Information system business is currently witnessing an increasing demand for system conformance with the international regime of GRC Governance, Risk and Compliance. Among different compliance approaches, data protection and privacy laws play a key role. In this paper, we propose a compliance requirement analysis method from early stages of system modelling based on a semantically-rich model, where a mapping can be established from data protection and privacy requirements defined by laws and regulations to system business goals and contexts. The early consideration of requirements satisfies Privacy by Design, a key concept in General Data Protection Regulation 2012. The proposed semantic model consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance related to system along with relationships and rules between these concepts that encompass the domain knowledge. The main contribution of the work presented in this paper is the ontology-based compliance framework that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology
The Potential Use of Semantic Process Management in the Knowledge-Based Development of Business Processes (A szemantikus folyamatmenedzsment hasznosítási lehetősége az üzleti folyamatok tudásalapú fejlesztésében)
In my research I connect the fields of process management and knowledge management: my aim is to start from process models and uncover the knowledge elements required to fill job roles, as well as the methods for extracting them, and then, by building an ontology from them, to provide a concrete solution for realising knowledge transfer.
The aim of the research is to create an IT and knowledge management tool that can extract organizational knowledge assets from the process models representing the organization's processes, map them into an ontology, and then use this to develop the human actors and the original process. The development is based on comparing the process with reference processes and best practices, giving particular importance to the knowledge elements and competencies uncovered. The development of process models is thus not carried out only on traditional BPR or CPI foundations, since the classical principles are complemented by the result of a knowledge-based comparison that can be used for improvement. (...
Service-Oriented Integration of Management Tools (Dienstorientierte Integration von Managementwerkzeugen)
To flexibly automate operational workflows at an IT service provider, support from specialised information systems is required. The aim of this work is to examine the design of these information systems from the viewpoint of structured software development, with various criteria (process orientation, standardisation and reusability) for the individual system components at the core of the considerations
A semantic based framework for software regulatory compliance
Software development market is currently witnessing an increasing demand for software applications conformance with the international regime of GRC for Governance, Risk and Compliance. In this thesis, we propose a compliance requirement analysis method for early stages of software development based on a semantically-rich model, where a mapping can be established from legal and regulatory requirements relevant to system context to software system goals and contexts. This research is an attempt to address the requirement of General Data Protection Regulation (GDPR, Article 25) (European Commission) for implementation of a "privacy by design" approach as part of organizational IT-systems and processes. It requires design of data protection requirements in the development of business processes for products and services. The proposed semantic model consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance and risk assessment domain related to system development along with relationships and rules between concepts that comprise the domain knowledge. The main contribution of the work presented in this paper is a novel ontology-based framework that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology. The semantic modelling of each component of framework can highly influence the compliance of developing software system and enables the reusability, adaptability and maintainability of these components. Through the discrete modelling of these components, the flexibility and extensibility of compliance systems will be improved.
Additionally, enriching ontologies with semantic rules increases the reasoning power and helps to represent rules of laws, regulations and guidelines for compliance, also mapping, refinement and inheriting of different components from each other. This novel approach offers a pedagogically effective and satisfactory learning experience for developers and compliance officers to be trained in the area of compliance and query for knowledge in this domain. This thesis offers the theoretical models, design and implementation of a compliance system in accordance with this approach
Ontology-based representation of compliance requirements for service processes
Service processes are becoming increasingly essential in modern economies as traditional, production-oriented industries decline. When comparing service processes to standard business processes, a major distinction is that the quality of their result, i.e., the service produced, cannot be measured in advance. Therefore, the compliance of the service process with quality standards plays an important role in convincing the customer that the services rendered will result in the quality specified. However, the check for compliance is still a tedious task. To address this situation, an ontology-based approach for representing service processes and checking their compliance is proposed. It is based on two ontologies: one to represent the service processes and the other to store the compliance requirements. The process representation ontology uses three so-called views to appropriately represent the service processes. The ontology for storing the compliance requirements differentiates syntactic, semantic and pragmatic requirements
Modelling and Simulation of IT Service Processes (Modellierung und Simulation von IT-Dienstleistungsprozessen)
One of the causes of the imprecise determination of service levels in IT service agreements lies in the informal representation of IT service processes. This work develops an integrated method with which service providers can model and simulate various quality characteristics of IT services and the IT service processes needed to deliver them
Modelling and Simulation of IT Service Processes (Modellierung und Simulation von IT-Dienstleistungsprozessen)
One of the causes of the imprecise determination of service levels in IT service agreements lies in the informal representation of IT service processes. This work develops an integrated method with which service providers can model and simulate various quality characteristics of IT services and the IT service processes needed to deliver them