
    A System For Visual Role-Based Policy Modelling

    The definition of security policies in information systems and programming applications is often accomplished through traditional low level languages that are difficult to use. This is a remarkable drawback if we consider that security policies are often specified and maintained by top level enterprise managers who would probably prefer to use simplified, metaphor oriented policy management tools. To support all the different kinds of users we propose a suite of visual languages to specify access and security policies according to the role based access control (RBAC) model. Moreover, a system implementing the proposed visual languages is proposed. The system provides a set of tools to enable a user to visually edit security policies and to successively translate them into (eXtensible Access Control Markup Language) code, which can be managed by a Policy Based Management System supporting such policy language. The system and the visual approach have been assessed by means of usability studies and of several case studies. The one presented in this paper regards the configuration of access policies for a multimedia content management platform providing video streaming services also accessible through mobile devices

    Enterprise Information Security Management Based on Context-Aware RBAC and Communication Monitoring Technology

    Information technology has an enormous influence in many enterprises. Computers have not only become important devices that people rely on in their daily lives and work, but have also become essential tools for enterprises. More and more enterprises have shifted their focus to how to prevent outer forces from invading and stealing from networks. However, many enterprises have disregarded the significance of internal leaking, which also plays a vital role in information management. This research proposes an information security management approach that is based on context-aware role-based access control (RBAC) and communication monitoring technology, in order to achieve enterprise information security management. In this work, it is suggested that an enterprise may, first, use an organizational chart to list job roles and corresponding permissions. RBAC is a model that focuses on different work tasks and duties. Subsequently, the enterprise may define a security policy to enforce the context-aware RBAC model. Finally, the enterprise may use communication monitoring technology in order to implement information security management. The main contribution of this work is the potential it provides to both reduce information security incidents, such as internal information leakage, and allow for effective cost control of information systems

    MANAGEMENT OF INNOVATIVE DEVELOPMENT OF ENTERPRISES IN THE CONTEXT OF A CHOICE OF ENERGY SECURITY STRATEGY

    The subject matter of the research in the article is the energy security strategy of enterprise, the choice of which for the enterprise is the basis of full functioning, further economic and innovative development. The goal of this article is to identify the conditions and criteria of a choice of energy security strategy of enterprises taking into account the factors and threats of the internal and external environment. In the article we used such methods and techniques of scientific cognition: methods of analysis and synthesis – to consider the essence of energy security strategy, method of theoretical generalization – to identify the formation stages of energy security strategy of enterprise in the conditions of innovative development, a taxonomy-analytical method – to classify the main components of the energy security strategy management of enterprise, method of logical generalization – to justify the relevance of the topic, goals and objectives of the research, method of transition from abstract to concrete – in the formulation and justification of proposals for the selection of energy security strategy in the conditions of innovative development of the enterprise. Tasks: to determine the choice of alternative strategic perspectives of energy security; to analyze the main approaches to formation of energy security strategy in the conditions of innovative development; to develop scientific and methodological recommendations for neutralization of threats of the energy strategy of enterprise in internal and external environment, revealed in innovation development process. 
The following results were obtained: defined the main selection criteria of energy security strategy of enterprise; the author’s interpretation of the concept "energy security strategy of enterprise" is proposed, which is based on the vector of innovative development of enterprise in the field of energy security, which is aimed at rational and efficient use of energy and natural energy resources for achievement of strategic innovation aimed goals of energy policy; a structure for the energy security monitoring of enterprise has been formed and the main tasks of the enterprise’s energy security subdivision have been defined. Conclusions. Management of innovative development of the enterprise involves the development and implementation of the concept, which is the basis for the formation of the enterprise economically grounded policy of improving the competitiveness of the enterprise. The dynamism and uncertainty of the market economy requires management of the enterprise quick adaptation to changing environmental conditions. Achievement of effective functioning of socio-economic systems is possible on the basis of efficiency and focus on reducing energy consumption of the enterprise. Consequently, management of innovative development of the enterprise which is based on energy security, may be the only way for domestic enterprises, which will provide a significant increase in competitiveness and form a new management paradigm in the long term

    A Software-Based Trust Framework for Distributed Industrial Management Systems

    One of the major problems in industrial security management is that most organizations or enterprises do not provide adequate guidelines or well-defined policy with respect to trust management, and trust is still an afterthought in most security engineering projects. With the increase of handheld devices, managers of business organizations tend to use handheld devices to access the information systems. However, the connection or access to an information system requires an appropriate level of trust. In this paper, we present a flexible, manageable, and configurable software-based trust framework for the handheld devices of managers to access distributed information systems. The presented framework minimizes the effects of malicious recommendations related to the trust from other devices or infrastructures. The framework allows managers to customize trust-related settings depending on network environments in an effort to create a more secure and functional network. To cope with the organizational structure of a large enterprise, within this framework, handheld devices of managers are broken down into different categories based upon available resources and desired security functionalities. The framework is implemented and applied to build a number of trust sensitive applications such as health care

    Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

    Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

    Privacy in an Ambient World

    Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes it inside the enterprise and shares it with partner enterprises. In particular, we analyse three different privacy systems that can be used in the different stages of this lifecycle. One of them is the Audit Logic, recently introduced, which can be used to keep data private when it travels across enterprise boundaries. We conclude with an analysis of the features and shortcomings of these systems